1
00:00:04,720 --> 00:00:11,120
This is identity at the center. 
Welcome to the Identity at the 

2
00:00:11,120 --> 00:00:12,880
Center podcast. 
I'm Jeff, and that's Jim. 

3
00:00:12,880 --> 00:00:15,160
Hey, Jim. 
Hey, Jeff, how are you? 

4
00:00:15,640 --> 00:00:17,720
Oh, not so bad yourself. 
Good. 

5
00:00:17,720 --> 00:00:23,400
I've been working on an article 
and I decided to basically take 

6
00:00:23,400 --> 00:00:26,880
the article and kind of wrap it 
around the name of this podcast,

7
00:00:26,880 --> 00:00:31,000
Identity at the Center. 
I'm trying to explain the 

8
00:00:31,000 --> 00:00:33,240
concept of identity at the 
center. 

9
00:00:33,240 --> 00:00:36,120
I think everyone says identity 
is at the center of 

10
00:00:36,120 --> 00:00:38,880
cybersecurity. 
There's a couple of like catch 

11
00:00:38,880 --> 00:00:41,960
phrases that go with that, like 
hackers log in. 

12
00:00:41,960 --> 00:00:46,000
They don't break in. The whole 
idea that, you know, we're 

13
00:00:46,000 --> 00:00:49,760
moving towards zero trust. 
People who have kind of come in 

14
00:00:49,960 --> 00:00:51,840
and are on the network can't be 
trusted. 

15
00:00:51,840 --> 00:00:57,320
So it's, you know, deny, never 
trust kind of approach. 

16
00:00:57,640 --> 00:01:01,560
And I think this episode, what 
we're going to talk today about 

17
00:01:01,560 --> 00:01:06,080
is that it's not just identity 
in terms of kind of the 

18
00:01:06,080 --> 00:01:10,880
classical thought of a person or
even a machine logging in, but 

19
00:01:10,880 --> 00:01:14,880
it's also the device, you know, 
identifying that device can be 

20
00:01:14,880 --> 00:01:19,480
part of kind of the overall 
representation of an identity 

21
00:01:19,640 --> 00:01:23,440
and whether or not they should 
be able to access system or 

22
00:01:23,440 --> 00:01:25,480
data. 
Yeah. 

23
00:01:25,880 --> 00:01:29,400
I guess this is sort of like 
where machine identity, server 

24
00:01:29,480 --> 00:01:31,920
machine, you know, non-human 
identity, like all that stuff is

25
00:01:31,920 --> 00:01:33,920
coming through. 
Everything has an identity at 

26
00:01:33,920 --> 00:01:35,240
this point. 
And I know you and I have 

27
00:01:35,240 --> 00:01:39,160
disagreed in the past over the 
definition of identity. 

28
00:01:39,480 --> 00:01:41,960
Can a non-human have an 
identity? 

29
00:01:42,320 --> 00:01:46,760
I argue yes, you argue no. 
Do we want to rehash that 

30
00:01:46,960 --> 00:01:49,120
disagreement right now real 
quick, just so we understand 

31
00:01:49,120 --> 00:01:52,000
each other's positions or have 
you have you come to my side? 

32
00:01:52,000 --> 00:01:52,720
The good side? 
It's. 

33
00:01:53,280 --> 00:01:54,480
Also my side I. 
Don't know that I've come. 

34
00:01:54,560 --> 00:01:56,920
To your side. 
So Shay's with me on this. 

35
00:01:56,920 --> 00:01:59,280
Let me go ahead and introduce 
her while So, you know, you're 

36
00:01:59,280 --> 00:02:01,040
like this. 
This strange voice came out of 

37
00:02:01,120 --> 00:02:03,320
nowhere. 
Yeah, we've got Shay Mcgrew 

38
00:02:03,320 --> 00:02:05,680
today. 
She's the CTO for Maricopa 

39
00:02:05,680 --> 00:02:08,720
County in the Grand Canyon state
of Arizona here in the United 

40
00:02:08,720 --> 00:02:10,720
States. 
So thank you for chiming in, 

41
00:02:10,720 --> 00:02:12,720
Shay. 
It sounds like we got two on one

42
00:02:12,720 --> 00:02:14,640
today against Jim. 
Go ahead, Shay. 

43
00:02:15,000 --> 00:02:16,960
Yeah. 
Oh, hey, I I thought you had to,

44
00:02:16,960 --> 00:02:21,800
you know, convince us of 
otherwise. 

45
00:02:21,800 --> 00:02:25,120
Yeah, make your case. 
Yeah, my case has always been 

46
00:02:25,120 --> 00:02:29,480
that devices have accounts. 
They don't have identities. 

47
00:02:29,480 --> 00:02:34,160
Identities are reserved for 
people or representations of 

48
00:02:34,160 --> 00:02:36,480
people. 
When I say representation of 

49
00:02:36,680 --> 00:02:41,560
people, I think that an AI could
be a representation of a person,

50
00:02:41,920 --> 00:02:46,440
but I've always felt that the 
proper term for devices and 

51
00:02:46,440 --> 00:02:50,600
machines was accounts. 
How do you define identity? 

52
00:02:51,800 --> 00:02:53,560
What do you have to have to have
an identity? 

53
00:02:54,080 --> 00:02:58,600
I think you have to have the 
ability to own something. 

54
00:02:58,880 --> 00:03:04,000
I think you have to have the 
ability to, you know? 

55
00:03:04,040 --> 00:03:07,120
Something like a house or own 
something to prove your 

56
00:03:07,120 --> 00:03:09,440
identity. 
So you just have the ability to 

57
00:03:09,480 --> 00:03:13,200
own devices, for example. 
I totally wasn't prepared for 

58
00:03:13,200 --> 00:03:15,880
this this debate. 
This is the best. 

59
00:03:15,880 --> 00:03:18,720
And I'm like searching for my 
answer. 

60
00:03:18,720 --> 00:03:21,760
I haven't thought about it in a 
little while, but I kind of 

61
00:03:21,760 --> 00:03:26,800
think of the representation of 
devices as the account they 

62
00:03:26,800 --> 00:03:29,920
authenticate as. 
So I I flipped the question back

63
00:03:29,920 --> 00:03:32,120
to you, which is what is an 
account? 

64
00:03:32,640 --> 00:03:35,080
Yeah, good point. 
I mean, I think we'll get into 

65
00:03:35,080 --> 00:03:38,320
it a little bit today as we 
discuss device identity and why 

66
00:03:38,320 --> 00:03:42,280
it's important and how we're how
we're actually defining device 

67
00:03:42,280 --> 00:03:46,240
identity perhaps you know here 
at the county as well as I'm 

68
00:03:46,240 --> 00:03:50,120
sure other folks are as well. 
But I think we are headed into a

69
00:03:50,120 --> 00:03:56,840
space where hardware is getting 
more and more uniquely 

70
00:03:56,840 --> 00:03:59,800
identifiable for that reason. 
So. 

71
00:04:00,120 --> 00:04:02,880
I feel I feel like we have so 
much ground to cover here. 

72
00:04:03,040 --> 00:04:06,080
We didn't even get to like do a 
proper like origin story for 

73
00:04:06,080 --> 00:04:08,240
you. 
We immediately jumped into, you 

74
00:04:08,240 --> 00:04:10,200
know, dogpile on Jim. 
Jim, you're wrong. 

75
00:04:10,640 --> 00:04:13,080
They're, you know, non-humans 
can have identities, machines can 

76
00:04:13,080 --> 00:04:14,880
have identities. 
But let's start from the very 

77
00:04:14,880 --> 00:04:16,920
beginning. 
So Shay, first time you've been 

78
00:04:16,920 --> 00:04:20,320
with us here on the show. 
So I know you've listened to the

79
00:04:20,320 --> 00:04:21,959
past. 
So thank you very much for for 

80
00:04:21,959 --> 00:04:24,400
being a listener. 
Now you're here on the hot 

81
00:04:24,400 --> 00:04:26,440
seats. 
There's no spicy wings or 

82
00:04:26,440 --> 00:04:29,000
anything like that, but you may 
be some spicy machine identity 

83
00:04:29,000 --> 00:04:31,200
conversation. 
Let's start with your 

84
00:04:31,200 --> 00:04:33,400
background. 
So I mentioned that you're the 

85
00:04:33,400 --> 00:04:36,480
CTO for Maricopa County in 
Arizona. 

86
00:04:36,800 --> 00:04:38,200
So tell me a little about your 
role. 

87
00:04:38,200 --> 00:04:40,960
How did you get to that spot and
sort of what led you on your 

88
00:04:40,960 --> 00:04:43,240
journey to there? 
And do you consider yourself an 

89
00:04:43,240 --> 00:04:46,600
identity person, a technology 
person, a security person? 

90
00:04:47,080 --> 00:04:49,280
Yes to all three. 
Like give me your background. 

91
00:04:50,280 --> 00:04:53,640
Yeah, I would, I would 
definitely say yes to all three 

92
00:04:54,680 --> 00:04:59,160
to place a systems thinker who 
likes to dabble across all of 

93
00:04:59,160 --> 00:05:02,160
the technologies, understand how
they best fit together, how they

94
00:05:02,160 --> 00:05:05,800
support each other, where the 
dependencies are, where the 

95
00:05:05,800 --> 00:05:09,640
opportunities are. 
And that's kind of what started 

96
00:05:09,640 --> 00:05:14,560
my journey in IT was just 
getting into and understanding 

97
00:05:15,120 --> 00:05:17,880
systems, how we use them, how we
use them for business, how we 

98
00:05:17,880 --> 00:05:23,480
use them for personal use. 
And really my IT journey started

99
00:05:23,480 --> 00:05:27,240
around the time that 
Sarbanes-Oxley started hitting 

100
00:05:27,320 --> 00:05:32,520
IT, well, hitting organizations,
right, to include IT shops and 

101
00:05:32,520 --> 00:05:37,800
so, you know, freshly minted 
helpdesk administrator working 

102
00:05:37,800 --> 00:05:41,000
with some seasoned system 
engineers, systems 

103
00:05:41,000 --> 00:05:45,520
administrators, and of course, 
Sarbanes-Oxley kind of turned 

104
00:05:45,520 --> 00:05:49,880
identity into a compliance 
layer rather than like an IT 

105
00:05:49,920 --> 00:05:55,480
operations component. 
It became a core platform for 

106
00:05:55,480 --> 00:05:58,760
organizations to be able to 
prove that they were secure, 

107
00:05:58,760 --> 00:06:01,680
that they were compliant. 
And of course, during that time,

108
00:06:02,280 --> 00:06:06,840
a lot of organizations scrambled
to rethink their IDP, reorganize

109
00:06:06,960 --> 00:06:11,240
Active Directory. 
And the beautiful PowerShell was

110
00:06:11,640 --> 00:06:15,320
was not quite yet out when 
Sarbanes-Oxley hit. 

111
00:06:15,320 --> 00:06:18,040
So we're talking like VB 
scripting. 

112
00:06:18,040 --> 00:06:24,840
And I worked with a wonderful 
senior systems engineer who 

113
00:06:24,880 --> 00:06:27,760
could just manipulate Active 
Directory to her whims. 

114
00:06:28,600 --> 00:06:32,320
And of course, we have all of 
these audit findings from 

115
00:06:32,320 --> 00:06:35,720
Sarbanes-Oxley. 
She looks at it, I look at it, 

116
00:06:35,720 --> 00:06:37,600
I'm like, that's like hours of 
work. 

117
00:06:37,720 --> 00:06:39,480
She's like, now this will take 
me 5 minutes. 

118
00:06:39,760 --> 00:06:43,520
I'm like, what? 
And so that really sparked that 

119
00:06:43,520 --> 00:06:47,400
love for initially Active 
Directory and then of course, 

120
00:06:47,400 --> 00:06:53,000
following that, the identity 
path through my engineering and 

121
00:06:53,000 --> 00:06:55,640
architecture journey to where we
are now. 

122
00:06:56,520 --> 00:06:59,640
And I can say that I'm not 
completely surprised that 

123
00:06:59,640 --> 00:07:04,360
identity is now at the center 
once again for the way that we 

124
00:07:04,680 --> 00:07:08,280
we manage, operate and secure 
our resources. 

125
00:07:09,680 --> 00:07:11,920
So yeah, I, I came up through 
the ranks. 

126
00:07:11,920 --> 00:07:14,880
I came up on the infrastructure 
engineering side, got into 

127
00:07:14,880 --> 00:07:19,520
architecture and then with the 
county, got into the CTO role. 

128
00:07:19,520 --> 00:07:22,960
And now again, I get to dabble 
across multiple domains, which 

129
00:07:22,960 --> 00:07:26,880
is always fun. 
It's like a giant puzzle putting

130
00:07:26,880 --> 00:07:29,640
everything together. 
So I love the story. 

131
00:07:29,640 --> 00:07:32,520
So I, I knew I liked you right 
away because I also kind of got 

132
00:07:32,520 --> 00:07:35,840
started in IT in the help desk. 
So amazing career journey to go 

133
00:07:35,840 --> 00:07:38,280
from like help desk analyst to 
CTO, right? 

134
00:07:38,280 --> 00:07:40,840
I think there's that's very 
aspirational for a lot of people

135
00:07:41,720 --> 00:07:43,440
have. 
So one thing that I've never 

136
00:07:43,440 --> 00:07:45,880
forgotten, though, is my roots. 
Going back to the help desk is 

137
00:07:45,880 --> 00:07:50,040
like, OK, yeah, yet another call
for printer support at 3:00 AM. 

138
00:07:50,040 --> 00:07:52,440
Printers were my nemesis. 
I still hate printers. 

139
00:07:53,000 --> 00:07:53,840
I won't. 
I won't do it. 

140
00:07:54,240 --> 00:07:55,520
Yeah. 
Have you tried turning it off 

141
00:07:55,520 --> 00:07:56,800
and on, Right. 
That's probably the number one 

142
00:07:56,800 --> 00:07:58,360
troubleshooting, you know, the 
things out there. 

143
00:07:58,720 --> 00:08:02,680
What is something that you took 
from your, you know, help center

144
00:08:02,680 --> 00:08:06,280
days, help desk days that you've
kept with you throughout this 

145
00:08:06,280 --> 00:08:08,880
entire journey and you keep with
you today as a CTO? 

146
00:08:10,520 --> 00:08:15,920
It's a great question. 
Certainly customer service and a

147
00:08:16,640 --> 00:08:22,280
sense of I'll call it extreme 
ownership looking or getting an 

148
00:08:22,280 --> 00:08:26,320
issue in at the help desk and 
then being able to track its 

149
00:08:26,320 --> 00:08:30,440
path all the way to resolution 
even if it's way outside of your

150
00:08:30,440 --> 00:08:33,600
realm, right. 
And I think that's really what 

151
00:08:33,679 --> 00:08:40,080
helps accelerate my career to 
CTO is ensuring that I was, I 

152
00:08:40,080 --> 00:08:43,200
was leading with curiosity and 
understanding why is this an 

153
00:08:43,200 --> 00:08:47,080
issue for the user and 
identifying those systemic 

154
00:08:47,080 --> 00:08:50,360
problems, right? 
If I got 5 calls from a user as 

155
00:08:50,360 --> 00:08:54,440
I was sitting on the help desk 
for a very similar issue, you 

156
00:08:54,440 --> 00:08:58,000
don't just solve them and then, 
you know, hang up the phone and 

157
00:08:58,000 --> 00:09:01,280
wait for the next call. 
You start to ask why, why is 

158
00:09:01,280 --> 00:09:03,640
this happening? 
And so that's probably one of 

159
00:09:03,640 --> 00:09:05,400
the biggest things I took away 
from help desk 'cause you're at 

160
00:09:05,400 --> 00:09:10,520
the front lines there, right? 
You get to see really they're 

161
00:09:10,560 --> 00:09:13,640
kind of like the bridge, the 
first bridge for from a business

162
00:09:13,640 --> 00:09:16,080
and technology perspective. 
You get to understand how 

163
00:09:16,080 --> 00:09:20,160
technology is impacting that end
user and how you have to change 

164
00:09:20,160 --> 00:09:24,320
technology to influence or 
change their experience. 

165
00:09:24,640 --> 00:09:27,800
And truly, that's at the roots 
of being a CTO as well. 

166
00:09:29,200 --> 00:09:33,920
What do you find as the hardest 
and best parts of being a CTO? 

167
00:09:38,640 --> 00:09:43,040
Well, the, the best parts again 
are definitely seeing that 

168
00:09:43,040 --> 00:09:44,800
bridge between business and 
technology. 

169
00:09:45,600 --> 00:09:49,280
So I also have a little bit of a
business background MBA with an 

170
00:09:49,280 --> 00:09:52,000
emphasis in enterprise 
information systems. 

171
00:09:52,480 --> 00:09:55,560
And I went down that path for 
that reason, right? 

172
00:09:55,560 --> 00:10:02,240
Because I do think that we're 
starting to see a change where 

173
00:10:02,240 --> 00:10:07,960
IT is not this backroom kind of 
somewhat enabling supporting 

174
00:10:07,960 --> 00:10:10,000
technology. 
It is starting to become a 

175
00:10:10,000 --> 00:10:16,840
leader and perhaps enabler, a 
bigger enabler of business 

176
00:10:16,840 --> 00:10:20,640
strategy. 
And so one of the most enjoyable

177
00:10:20,640 --> 00:10:23,880
parts for me as a CTO is being 
able to draw those connections 

178
00:10:23,880 --> 00:10:27,240
for business leaders and how 
they can take advantage of 

179
00:10:27,240 --> 00:10:31,440
technology and to really show 
them that the technology, 

180
00:10:31,440 --> 00:10:34,760
especially the technology that 
we have, the capabilities that 

181
00:10:34,760 --> 00:10:38,600
we are building within our 
organization, you know, can 

182
00:10:38,600 --> 00:10:42,480
speed up, you know, a business 
goal that they thought would 

183
00:10:42,480 --> 00:10:46,920
take 10 years, we could do it in
maybe 5, maybe 1. 

184
00:10:48,440 --> 00:10:52,160
So best part is just again, 
applying technology and and 

185
00:10:52,160 --> 00:10:56,200
being able to put together the 
right pieces to enable business.

186
00:10:57,800 --> 00:11:01,880
It also becomes one of the 
hardest parts of course, is 

187
00:11:02,800 --> 00:11:06,440
getting into the conversations 
with the business and being able

188
00:11:06,440 --> 00:11:12,120
to articulate technical concepts
in a way that makes the business

189
00:11:12,120 --> 00:11:17,520
excited, makes them want to 
adopt and partner with IT. 

190
00:11:18,280 --> 00:11:22,720
And so, yeah, as a, as a CTO, 
especially as a CTO in local 

191
00:11:22,720 --> 00:11:27,400
government, all of the business 
different, the different 

192
00:11:27,400 --> 00:11:31,120
business lines that we have, you
really have to structure those 

193
00:11:31,120 --> 00:11:36,320
conversations uniquely for, for 
every single one, right. 

194
00:11:36,760 --> 00:11:38,800
It's. 
You don't have a a standard way 

195
00:11:38,800 --> 00:11:44,880
to approach anything really. 
So where does identity fit into 

196
00:11:44,880 --> 00:11:48,280
your strategy at a CTO level? 
Obviously you're on, you know, 

197
00:11:48,320 --> 00:11:50,400
the Identity Center podcast. 
I was going to say at the 

198
00:11:50,400 --> 00:11:52,040
center, of course. 
OK. 

199
00:11:52,040 --> 00:11:54,080
So right answer, first of all, 
so congratulations. 

200
00:11:54,600 --> 00:11:56,720
But talk to me a little bit 
about, you know, realistically, 

201
00:11:56,720 --> 00:11:57,520
right? 
I get it. 

202
00:11:57,520 --> 00:12:00,560
There's so many different, you 
know, pieces of the puzzle that 

203
00:12:00,560 --> 00:12:04,960
have competing priorities for 
time, budget, resources, you 

204
00:12:04,960 --> 00:12:08,320
know, the political, you know, 
things that are happening within

205
00:12:08,320 --> 00:12:12,440
any organization. 
How do you manage and balance? 

206
00:12:12,440 --> 00:12:14,080
Where does identity fit with all
that? 

207
00:12:14,080 --> 00:12:16,880
Is it something that is part of 
like an information security 

208
00:12:16,880 --> 00:12:18,760
strategy? 
Do you carve it out separately? 

209
00:12:18,760 --> 00:12:22,080
Because I want to ask you some 
questions about how you know you

210
00:12:22,080 --> 00:12:24,760
and, and really you know the 
county are going after the 

211
00:12:24,760 --> 00:12:27,360
program. 
Yeah, great question. 

212
00:12:27,360 --> 00:12:30,200
And here at the county, we did 
carve it out separately. 

213
00:12:30,680 --> 00:12:34,320
And so we have been running a 
specific identity and access 

214
00:12:34,320 --> 00:12:37,200
management program for a number 
of years. 

215
00:12:37,520 --> 00:12:42,240
And it did really start kind of,
as I stated, with recognizing an

216
00:12:42,240 --> 00:12:44,600
underlying problem that was 
occurring at the county. 

217
00:12:45,440 --> 00:12:49,400
And I think this occurs across 
many orgs, you know, local, 

218
00:12:49,400 --> 00:12:51,400
state, Gov, all of it 
everywhere. 

219
00:12:52,240 --> 00:12:59,720
And that was a kind of the, the 
decentralization of identity. 

220
00:12:59,720 --> 00:13:03,960
So we had, when I started at the
county, you know, I had multiple

221
00:13:03,960 --> 00:13:08,760
logins and I had to understand 
when and how to use those 

222
00:13:08,760 --> 00:13:11,320
logins. 
And of course, if you go back to

223
00:13:11,320 --> 00:13:13,720
those help desk groups and you 
go talk to the help desk, 

224
00:13:13,720 --> 00:13:17,720
they're like, this is crazy. 
Like password resets are in the 

225
00:13:17,720 --> 00:13:22,560
two hundreds per day, right? 
And so truly being able to 

226
00:13:22,560 --> 00:13:28,920
recognize some of the, I'll call
it operational, operational 

227
00:13:28,920 --> 00:13:33,280
problems within identity causing
significant impacts not only to 

228
00:13:33,360 --> 00:13:38,000
IT operations, but also to the 
employee experience and then 

229
00:13:38,000 --> 00:13:41,000
starting to curate solutions to 
those problems. 

230
00:13:41,000 --> 00:13:43,680
And that's really where the 
roots of the identity and access

231
00:13:43,680 --> 00:13:48,800
management program grew. 
So years ago we were able to 

232
00:13:48,800 --> 00:13:52,880
collapse our our domain 
infrastructure, our forest 

233
00:13:52,880 --> 00:13:58,720
infrastructure, I'll even say 
down to a significantly less 

234
00:13:58,760 --> 00:14:01,640
number of domains that we had to
manage across the county. 

235
00:14:02,280 --> 00:14:05,400
And we all came together and 
agreed that from an employee 

236
00:14:05,400 --> 00:14:10,520
experience perspective, trying 
to standardize on one identity 

237
00:14:10,520 --> 00:14:14,800
for an employee was our goal. 
And so those were kind of the 

238
00:14:14,800 --> 00:14:19,600
roots of our identity program. 
And over the last year here, 

239
00:14:19,600 --> 00:14:23,760
we've expanded and gotten a 
little bit more specific about 

240
00:14:23,760 --> 00:14:30,080
how we want to tackle that. 
So the program that we are we 

241
00:14:30,080 --> 00:14:35,600
are running right now is 
separated into 3 core identity 

242
00:14:35,600 --> 00:14:39,800
types and two kind of capability
categories just to keep us in 

243
00:14:39,800 --> 00:14:41,920
line. 
Cause again, you know, there's 

244
00:14:41,920 --> 00:14:44,400
lots of problems to solve out 
there, lots of opportunities to 

245
00:14:44,400 --> 00:14:46,160
tackle. 
So we have to know which ones 

246
00:14:46,160 --> 00:14:48,600
come first and which ones are 
most valuable. 

247
00:14:48,600 --> 00:14:52,240
So our three core identity types
that we're focused on are 

248
00:14:52,240 --> 00:14:55,200
internal, external and device 
identity. 

249
00:14:56,280 --> 00:15:00,520
And our 2 core kind of 
capability categories are 

250
00:15:00,520 --> 00:15:04,480
identity management, which 
includes the foundational pieces

251
00:15:04,480 --> 00:15:08,520
like how, like what attributes 
are associated with what types 

252
00:15:08,520 --> 00:15:11,280
of identities? 
How do we manage those 

253
00:15:11,280 --> 00:15:13,960
attributes? 
Where is the identity originated

254
00:15:13,960 --> 00:15:16,760
from? 
And then access management as 

255
00:15:16,760 --> 00:15:20,200
the second meaning how does that
identity get access to the 

256
00:15:20,200 --> 00:15:23,480
network, get access to data, get
access to other other assets 

257
00:15:23,480 --> 00:15:27,880
that it needs access to. 
So kind of a, a three by two 

258
00:15:28,360 --> 00:15:32,960
approach to how we tackle 
identity, kind of allowing our 

259
00:15:32,960 --> 00:15:38,600
teams to really focus in on 
where where they have subject 

260
00:15:38,600 --> 00:15:41,880
matter expertise, right. 
And the county still doesn't 

261
00:15:41,880 --> 00:15:45,840
have really a centralized 
identity team that focuses 

262
00:15:45,840 --> 00:15:49,960
across any identity type. 
We do have kind of the classic, 

263
00:15:49,960 --> 00:15:52,640
you have your system 
administrators, help desks that 

264
00:15:52,640 --> 00:15:56,160
work on internal user identity. 
You have kind of the developers 

265
00:15:56,920 --> 00:16:00,040
or the business who works with 
external identity and then 

266
00:16:00,040 --> 00:16:03,720
desktop support working a lot 
with like or system admins 

267
00:16:03,720 --> 00:16:05,520
working with the device 
identity. 

268
00:16:06,040 --> 00:16:09,600
And we can start to really focus
and utilize those teams in the 

269
00:16:09,720 --> 00:16:14,240
in, in those areas in parallel. 
And the goal, of course, is to 

270
00:16:15,040 --> 00:16:17,320
see accelerated outcomes with 
that model. 

271
00:16:18,760 --> 00:16:21,240
So you just spit out a whole 
bunch there and I wonder, you 

272
00:16:21,240 --> 00:16:25,840
know, how do you get buy in and 
support to do this? 

273
00:16:25,840 --> 00:16:29,280
Because this is not an overnight
shift where you can say, OK, I 

274
00:16:29,280 --> 00:16:31,720
snap my fingers and give me a 
bunch of money and it's done 

275
00:16:32,080 --> 00:16:33,160
right. 
There's no easy button. 

276
00:16:33,400 --> 00:16:37,880
It takes years, sometimes longer
decades to to to have these 

277
00:16:37,880 --> 00:16:41,720
seismic shifts in the way you 
approach really any large IT 

278
00:16:41,720 --> 00:16:43,960
transformation. 
But identity typically has a lot

279
00:16:43,960 --> 00:16:46,240
of moving departments. 
So I'd like to understand a 

280
00:16:46,240 --> 00:16:50,000
little bit about how you kind of
explained everything that you 

281
00:16:50,000 --> 00:16:53,920
just said to somebody who is not
a technology person or not an 

282
00:16:53,920 --> 00:16:55,400
identity person. 
Because I think the one thing 

283
00:16:55,400 --> 00:16:58,280
that a lot of people listening 
here today might be thinking is,

284
00:16:58,280 --> 00:16:59,800
OK, that's great. 
I, I get it. 

285
00:16:59,800 --> 00:17:03,840
We know what we need to do. 
How do I communicate that to the

286
00:17:03,840 --> 00:17:05,800
rest of my organization? 
Yeah. 

287
00:17:06,520 --> 00:17:09,839
And that is going to be probably
somewhat unique depending on 

288
00:17:09,839 --> 00:17:13,440
your org. 
I will say at the beginning, I 

289
00:17:13,440 --> 00:17:19,800
had some great partners in HR of
all places who helped us to 

290
00:17:20,240 --> 00:17:24,960
drive the single source of 
identity being an HR record for 

291
00:17:24,960 --> 00:17:28,280
the county. 
And then from there we were able

292
00:17:28,280 --> 00:17:32,840
to, you know, explain why, why 
that was, why that was critical 

293
00:17:32,840 --> 00:17:34,600
to have a single source of 
identity. 

294
00:17:34,600 --> 00:17:36,680
I think. 
I think on that one, the 

295
00:17:36,680 --> 00:17:39,960
business could feel that pain. 
So that was an easier one to 

296
00:17:39,960 --> 00:17:41,720
explain. 
Like, hey, instead of, you know,

297
00:17:41,720 --> 00:17:43,480
writing down all of your 
passwords and sticking them 

298
00:17:43,480 --> 00:17:46,200
under your keyboard for the 50 
accounts that you have, we're 

299
00:17:46,200 --> 00:17:47,760
going to give you 1. 
And this is how we're going to 

300
00:17:47,760 --> 00:17:51,840
do it. 
As the program is progressing, 

301
00:17:52,640 --> 00:17:56,920
of course, the the cyberspace 
has has rapidly changed over the

302
00:17:56,920 --> 00:18:03,400
last, you know, 5 to 10 years. 
As our assets became more 

303
00:18:03,400 --> 00:18:06,680
digitalized, especially our 
information assets, of course, 

304
00:18:06,680 --> 00:18:11,320
they became more targeted and 
the perimeter shifts and all of 

305
00:18:11,320 --> 00:18:16,560
this great stuff, right, which 
kind of provided roots for the 

306
00:18:16,560 --> 00:18:21,880
concept of zero trust and zero 
trust became kind of a buzzword,

307
00:18:21,880 --> 00:18:24,040
right. 
So of course a core pillar of 

308
00:18:24,040 --> 00:18:27,040
zero trust is identity. 
So I did grab on to those coat 

309
00:18:27,040 --> 00:18:30,680
tails. 
And for that one, the 

310
00:18:30,920 --> 00:18:34,160
explanation from a business 
perspective that we're going 

311
00:18:34,160 --> 00:18:40,680
with is kind of like the airport
analogy where, you know, you can

312
00:18:40,680 --> 00:18:43,560
walk into an airport and not 
show anybody any identity. 

313
00:18:43,840 --> 00:18:48,360
You can wander around, you can 
have lunch, but if you want to 

314
00:18:48,360 --> 00:18:52,240
say go to a different terminal, 
there's going to be a security 

315
00:18:52,240 --> 00:18:54,600
checkpoint. 
They're going to make sure that 

316
00:18:54,680 --> 00:18:56,800
you are safe. 
They're going to make sure you 

317
00:18:56,800 --> 00:19:00,040
say who you are, who they say 
who you say you are. 

318
00:19:01,480 --> 00:19:03,560
And to do that, you have to, you
know, show identity. 

319
00:19:03,560 --> 00:19:06,080
You have to walk through a metal
detector. 

320
00:19:06,480 --> 00:19:09,800
And then even from there, if you
want to get onto a plane, 

321
00:19:10,280 --> 00:19:15,160
essentially get access to the 
asset, right, You have to show 

322
00:19:15,160 --> 00:19:16,960
identity. 
Again, you have to show proof 

323
00:19:17,240 --> 00:19:23,320
that you should be there. 
So I, I like the airport analogy

324
00:19:23,840 --> 00:19:27,600
because it really hits home 
with, Oh yeah, like, yeah, we 

325
00:19:27,600 --> 00:19:29,200
have to show our identity all 
the time. 

326
00:19:29,200 --> 00:19:33,000
This isn't, this isn't new. 
We're just going to put some 

327
00:19:33,000 --> 00:19:36,200
security checkpoints up around 
our, all of our buildings in a 

328
00:19:36,200 --> 00:19:38,800
digital fashion. 
And, you know, your device is 

329
00:19:38,800 --> 00:19:42,640
going to be screened through the
metal detector to make sure that

330
00:19:42,760 --> 00:19:46,440
it's harmless. 
And you will show your identity,

331
00:19:46,640 --> 00:19:49,600
you know, in the form of a 
certificate essentially. 

332
00:19:49,600 --> 00:19:54,200
And then you get access. 
And in that space, of course, 

333
00:19:54,200 --> 00:20:00,920
the the the reduction in risk, 
especially for like cyberattacks

334
00:20:01,520 --> 00:20:05,160
is a big driver for support in 
that space. 

335
00:20:06,520 --> 00:20:09,240
I love that airport analogy 
because I use the same one and 

336
00:20:09,240 --> 00:20:11,320
it's, it's really something I 
think that resonates with a lot 

337
00:20:11,320 --> 00:20:13,760
of people because most people 
have gone through some sort of 

338
00:20:14,160 --> 00:20:16,560
airline experience, right? 
Whether it's flying or taking 

339
00:20:16,560 --> 00:20:18,680
some of the airport, whatever it
may be, you're showing your 

340
00:20:18,680 --> 00:20:20,520
ticket. 
You know, you're going through 

341
00:20:20,520 --> 00:20:23,960
maybe a security line, but 
you're not showing it just once.

342
00:20:24,360 --> 00:20:27,000
You're showing your credentials,
your identity throughout the 

343
00:20:27,000 --> 00:20:29,280
process. 
So for me, living in Asheville, 

344
00:20:29,480 --> 00:20:31,120
our airport is currently under 
construction. 

345
00:20:31,120 --> 00:20:32,560
So like half the terminal is a 
mess. 

346
00:20:33,160 --> 00:20:37,440
I have to show ID three times 
before I get onto the plane, 

347
00:20:37,440 --> 00:20:41,480
sometimes four, once at the 
security check for TSA, another 

348
00:20:41,480 --> 00:20:44,520
one when I board the plane. 
And then I go outside on the 

349
00:20:44,520 --> 00:20:46,680
tarmac and they usually, and 
this is one of those smaller 

350
00:20:46,680 --> 00:20:48,760
airports, we're actually on the 
tarmac where the plane is, 

351
00:20:48,760 --> 00:20:50,520
right? 
So you walk out there and then 

352
00:20:50,520 --> 00:20:53,360
there's another person who asked
me for another piece of, you 

353
00:20:53,360 --> 00:20:56,240
know, information, seat number, 
name, right, things like that. 

354
00:20:56,480 --> 00:21:00,000
And then I walk across tarmac to
the stairs that go up into the 

355
00:21:00,000 --> 00:21:02,160
plane and there's usually 
another person there just to 

356
00:21:02,160 --> 00:21:05,160
make sure that nobody got lost 
in the entire shuffle. 

357
00:21:05,160 --> 00:21:07,600
So it's like almost like, you 
know, this concept of continuous

358
00:21:07,600 --> 00:21:09,600
identity access management, I 
think it's something that kind 

359
00:21:09,600 --> 00:21:12,120
of works the route. 
There was one thing that you 

360
00:21:12,120 --> 00:21:16,480
mentioned and you mentioned zero 
trust and you know, you kind 

361
00:21:16,480 --> 00:21:19,040
of, I think half jokingly, but 
maybe not really kind of 

362
00:21:19,040 --> 00:21:20,440
mentioned like, well, 
everything's zero trust now, 

363
00:21:20,440 --> 00:21:21,480
right? 
And it was like the security 

364
00:21:21,480 --> 00:21:23,160
buzzwords and those things come 
along. 

365
00:21:23,760 --> 00:21:26,000
How much do those buzzwords 
matter? 

366
00:21:26,000 --> 00:21:28,120
Like when you're having 
conversations with people who 

367
00:21:28,120 --> 00:21:33,080
aren't IT or security or 
identity, they hear zero trust, 

368
00:21:33,080 --> 00:21:34,800
like, oh, that sounds cool. 
Are we doing it? 

369
00:21:35,000 --> 00:21:37,360
Like, does the marketing 
spin help at all? 

370
00:21:37,360 --> 00:21:39,720
And then you kind of have to 
like correct it or or maybe you 

371
00:21:39,720 --> 00:21:43,080
ride the coattails of it. 
Well, I'd say a little bit of 

372
00:21:43,640 --> 00:21:48,400
both. 
And so we've definitely had that

373
00:21:48,400 --> 00:21:53,480
pendulum swing both ways, right,
where, you know, again, it's a 

374
00:21:53,480 --> 00:21:58,240
buzzword and, and leaders will 
say, I want zero trust. 

375
00:21:58,800 --> 00:22:02,320
Can we do it next year? 
Well, probably not. 

376
00:22:03,560 --> 00:22:06,960
And there's others who will say,
yeah, we, we follow the zero 

377
00:22:06,960 --> 00:22:10,120
trust framework, right? 
We've, yeah, we, we do all of 

378
00:22:10,120 --> 00:22:12,080
those things. 
And you say, well, what things 

379
00:22:12,080 --> 00:22:13,480
do you do? 
Well, people have to 

380
00:22:13,480 --> 00:22:19,280
authenticate, OK, not, not 
quite, not quite the the ZTA 

381
00:22:19,440 --> 00:22:22,480
framework there. 
So it does take a lot of 

382
00:22:22,480 --> 00:22:25,560
conversation, it does take a lot
of storytelling. 

383
00:22:25,720 --> 00:22:28,640
And truth be told, I mean, 
we're, we're still working 

384
00:22:28,640 --> 00:22:34,360
through how do we best do that. 
We've luckily gotten a lot of 

385
00:22:34,360 --> 00:22:38,080
great support from the business 
from an IT perspective, from an 

386
00:22:38,080 --> 00:22:43,440
IT project perspective. 
But like that never, that never 

387
00:22:43,440 --> 00:22:46,560
ceases, right? 
We with every milestone we hit, 

388
00:22:46,560 --> 00:22:50,080
we have to be able to craft the 
story of what, what did we 

389
00:22:50,080 --> 00:22:53,280
accomplish. 
And one of the great things our 

390
00:22:53,280 --> 00:22:57,240
CIO has done is create a 
business value report where we 

391
00:22:57,240 --> 00:23:00,880
have a place to highlight the 
business impact of some of those

392
00:23:01,280 --> 00:23:05,480
technology investments. 
Because again, again especially 

393
00:23:05,520 --> 00:23:09,600
I mean at least Maricopa County
our ROI 

394
00:23:09,600 --> 00:23:13,640
calculations, it's not 
formalized, right? 

395
00:23:13,640 --> 00:23:22,200
They're not strong. 
We don't, we don't often report 

396
00:23:22,280 --> 00:23:27,960
on the return on investment for 
our IT investments, but this gives 

397
00:23:27,960 --> 00:23:32,360
us the opportunity to do that in
a, in a story, right that 

398
00:23:32,360 --> 00:23:35,120
business can align with. 
And then what that gives us is 

399
00:23:35,120 --> 00:23:39,960
the the foundation to continue 
to build onto those successes as

400
00:23:39,960 --> 00:23:43,600
we move forward. 
But I wouldn't say that we've 

401
00:23:43,600 --> 00:23:46,120
got it. 
We've got it down perfect, but 

402
00:23:46,120 --> 00:23:48,880
we're working on it. 
Hey, nobody does. 

403
00:23:49,480 --> 00:23:52,200
You mentioned the three work 
streams, right, Internal, 

404
00:23:52,440 --> 00:23:56,440
external and device. 
And I thought device was real 

405
00:23:56,440 --> 00:24:00,520
interesting because I think 
everybody does it, but they 

406
00:24:00,520 --> 00:24:03,720
don't do it all as a separate 
work stream. 

407
00:24:04,040 --> 00:24:09,160
And so I'm wondering what what 
brought that decision for you. 

408
00:24:09,160 --> 00:24:14,400
Why is device identity such an 
important concept or working 

409
00:24:14,400 --> 00:24:16,800
area that you set it up as a 
separate work stream? 

410
00:24:17,440 --> 00:24:18,240
Great. 
Question. 

411
00:24:19,360 --> 00:24:24,280
Some of that was probably 
resource organization and the 

412
00:24:24,280 --> 00:24:30,080
ability to strategize within 
that pillar without clouding or 

413
00:24:30,080 --> 00:24:33,400
complicating the strategy with 
some of the other identity 

414
00:24:33,920 --> 00:24:39,640
components, right or identity 
pillars, identity types because 

415
00:24:39,640 --> 00:24:42,520
when and we still see it even 
though our work streams are 

416
00:24:42,520 --> 00:24:43,840
separate. 
When you start talking about 

417
00:24:43,840 --> 00:24:47,360
one, it's easy to start going 
down the path of, well, like 

418
00:24:47,360 --> 00:24:51,120
users going to do this, this and
this and this with our work 

419
00:24:51,120 --> 00:24:56,520
streams being separate from a 
internal external device, We 

420
00:24:56,520 --> 00:24:59,680
could kind of corral that back 
in and say, OK, that's great. 

421
00:25:00,360 --> 00:25:03,400
Internal identity is looking 
about they're handling that. 

422
00:25:03,800 --> 00:25:05,720
Let's focus on the device 
itself. 

423
00:25:05,720 --> 00:25:08,880
What, what is the best outcome 
and what are the things that we 

424
00:25:08,880 --> 00:25:12,200
need to do on the device? 
Almost absent of the user, 

425
00:25:12,200 --> 00:25:15,880
right? 
Because in a, in a true ZTA 

426
00:25:16,800 --> 00:25:21,320
architecture or, or, or 
framework, it doesn't matter. 

427
00:25:21,320 --> 00:25:26,160
Like I could log in on any 
device, right And you get the 

428
00:25:26,160 --> 00:25:28,720
information from the device and 
you get the information from the

429
00:25:28,720 --> 00:25:30,600
user. 
You combine those and that's 

430
00:25:30,600 --> 00:25:34,760
what creates the, the access, 
right, The the underlying 

431
00:25:34,760 --> 00:25:38,640
entitlement. 
And so I didn't want us to think

432
00:25:38,640 --> 00:25:40,800
about it. 
Well, that's Shay's device. 

433
00:25:40,800 --> 00:25:42,160
She's always going to use that 
device. 

434
00:25:42,160 --> 00:25:45,080
We trust her. 
So you don't care We don't care 

435
00:25:45,080 --> 00:25:47,560
about her device. 
I wanted them to think about it 

436
00:25:47,560 --> 00:25:51,200
and if if anybody grabs any 
device, what do we want to make 

437
00:25:51,200 --> 00:25:57,080
sure that that device does or 
has or is in order for us to be 

438
00:25:57,080 --> 00:26:02,000
able to trust it, right or it to
be able to verify it. 

439
00:26:02,840 --> 00:26:09,600
So it was kind of a a multi, 
multi reason, but mainly to be 

440
00:26:09,600 --> 00:26:13,600
able to focus the discussion and
to focus the teams into those 

441
00:26:13,600 --> 00:26:18,200
spaces where we could build the 
appropriate capabilities without

442
00:26:18,200 --> 00:26:23,720
getting too crisscross across 
the other identity types. 

443
00:26:24,520 --> 00:26:29,760
You mentioned the zero trust 
architecture, ZTA, and it feels 

444
00:26:29,760 --> 00:26:32,880
like zero trust. 
I think it's one of the most 

445
00:26:32,880 --> 00:26:36,280
important architectural concepts
in all of infrastructure. 

446
00:26:36,280 --> 00:26:39,240
I think sometimes it gets mocked
because of it. 

447
00:26:39,240 --> 00:26:42,640
So for you, it's like you went 
to conferences for a while and 

448
00:26:42,640 --> 00:26:46,000
everything was 50% more zero 
trust. 

449
00:26:46,160 --> 00:26:49,360
So we made fun of it on this 
show at some points. 

450
00:26:49,360 --> 00:26:53,400
But I mean, as far as like 
architectural principles or 

451
00:26:53,400 --> 00:26:55,920
guidelines go, it's about as 
important as it gets. 

452
00:26:56,320 --> 00:27:00,200
I would think it's especially 
important in a large 

453
00:27:00,320 --> 00:27:03,640
organization like a county 
government, because you have 

454
00:27:03,640 --> 00:27:08,720
departments and agencies and 
folks have to move around the 

455
00:27:08,720 --> 00:27:13,240
network and regardless of where 
they are, you know, kind of be 

456
00:27:13,240 --> 00:27:17,480
that that same person using that
same devices, that part of the 

457
00:27:17,480 --> 00:27:20,240
drivers that why is zero trust 
what's so important? 

458
00:27:20,240 --> 00:27:21,920
Are there other things on top of
that? 

459
00:27:22,560 --> 00:27:25,280
Yeah, I, I mean that's probably 
one of the strongest drivers, 

460
00:27:25,280 --> 00:27:27,200
right. 
So I mean local government 

461
00:27:27,200 --> 00:27:31,240
shares structural similarities 
to like a large conglomerate. 

462
00:27:32,200 --> 00:27:37,320
There's a lot of different like 
semi autonomous units, some some

463
00:27:37,320 --> 00:27:42,000
dependencies across those units,
Jim, to your point, like users 

464
00:27:42,000 --> 00:27:46,240
exist in the same spaces from a 
location perspective. 

465
00:27:47,600 --> 00:27:50,360
And ideally like all of these 
things at the end of the day, 

466
00:27:50,360 --> 00:27:55,120
work together and can synergize 
appropriately to provide public 

467
00:27:55,120 --> 00:27:57,960
services, right? 
And so that creates an 

468
00:27:57,960 --> 00:28:02,560
environment where a concept like
never trust, always verify 

469
00:28:02,920 --> 00:28:07,760
starts to become very appealing 
because again, semi autonomous 

470
00:28:08,360 --> 00:28:11,000
orgs, they can stand up their 
own systems. 

471
00:28:11,000 --> 00:28:14,640
They, they have their own kind 
of regulations, their own data 

472
00:28:14,640 --> 00:28:16,560
types, their own threat 
surfaces. 

473
00:28:16,960 --> 00:28:20,920
But at the end of the day, we 
need a way to be able to trust 

474
00:28:20,920 --> 00:28:23,160
each other so that we can do 
business, right? 

475
00:28:23,200 --> 00:28:26,680
And like that's zero trust, 
right? 

476
00:28:26,680 --> 00:28:29,400
Those, that those are the 
principles of zero trust. 

477
00:28:29,440 --> 00:28:35,080
And so I think that in any 
organization that doesn't have 

478
00:28:35,080 --> 00:28:38,480
that centralized line of 
control, zero trust makes a lot 

479
00:28:38,480 --> 00:28:40,240
of sense. 
And I think it was probably 

480
00:28:40,240 --> 00:28:44,880
going to be kind of the way even
if it didn't become the 

481
00:28:44,880 --> 00:28:50,720
framework that it is today that 
large, you know, multi business 

482
00:28:50,720 --> 00:28:56,800
line, semi autonomous to 
autonomous IT shops got to 

483
00:28:56,800 --> 00:29:00,800
anyway. 
So, yeah, I mean, I, I think it 

484
00:29:00,800 --> 00:29:09,920
helps to give us a, I'll say a 
similar vision right across all 

485
00:29:09,920 --> 00:29:13,840
of our different IT shops. 
It gives us a vocabulary that we

486
00:29:13,840 --> 00:29:20,240
can use and a, a justification 
for why are we putting all of 

487
00:29:20,240 --> 00:29:22,240
this in place? 
Well, we're putting this in 

488
00:29:22,240 --> 00:29:27,280
place because, you know, I, I 
run this case management system 

489
00:29:27,280 --> 00:29:29,200
and your users are going to 
connect to it. 

490
00:29:29,200 --> 00:29:31,520
And I have no control over your 
users. 

491
00:29:31,800 --> 00:29:34,640
So you have to give me a 
guarantee that you're doing the 

492
00:29:34,640 --> 00:29:38,080
right things and you're managing
that device and you're managing 

493
00:29:38,080 --> 00:29:42,080
that user to a, a baseline 
level. 

494
00:29:42,080 --> 00:29:44,120
So I will give you access to my 
data. 

495
00:29:45,600 --> 00:29:48,560
So, yeah, I, I think that's a, 
that's a big driver just based 

496
00:29:48,560 --> 00:29:54,240
on the organizational structure 
of the county and and 

497
00:29:54,280 --> 00:29:55,800
potentially any local 
government. 

498
00:29:56,440 --> 00:30:00,880
And when we talk about devices, 
I think there are generally a 

499
00:30:00,880 --> 00:30:02,960
few different types of devices, 
right? 

500
00:30:03,160 --> 00:30:06,560
There's the managed devices that
you issue from the county. 

501
00:30:06,800 --> 00:30:10,760
But in this world of BYOD, 
people can bring their own 

502
00:30:10,760 --> 00:30:13,120
devices. 
You can't manage those 

503
00:30:13,120 --> 00:30:17,520
necessarily. 
There's IoT devices, there's OT 

504
00:30:17,520 --> 00:30:23,640
devices, which may not be in 
your scope, but kind of what is 

505
00:30:23,640 --> 00:30:26,760
the approach for each of those? 
And can you come to help us for 

506
00:30:26,960 --> 00:30:31,120
people who aren't familiar with 
that language that I just used, 

507
00:30:31,360 --> 00:30:34,560
what are those different types 
of devices? 

508
00:30:35,440 --> 00:30:37,400
Yeah. 
And this is actually been a 

509
00:30:37,400 --> 00:30:40,880
great discussion that we've had 
even within the county, you 

510
00:30:40,880 --> 00:30:48,080
know, across departments, across
units, even to come to a solid 

511
00:30:48,080 --> 00:30:53,760
definition, managed was much 
easier to define managed and 

512
00:30:53,760 --> 00:30:55,880
unmanaged. 
I'll say BYOD was like a whole 

513
00:30:55,880 --> 00:30:58,480
nother animal. 
But so from a managed 

514
00:30:58,480 --> 00:31:02,800
perspective, the way that I 
would define that is a device 

515
00:31:02,800 --> 00:31:07,680
that you have control over, you 
have in your inventory you're 

516
00:31:07,720 --> 00:31:14,040
you're getting information from,
you can put configuration onto 

517
00:31:14,040 --> 00:31:16,720
to include an identity like a 
certificate, right? 

518
00:31:17,600 --> 00:31:21,920
So truly it is managed. 
If you wanted to turn it off, 

519
00:31:21,920 --> 00:31:24,720
you could turn it off. 
If you wanted to wipe it, you 

520
00:31:24,720 --> 00:31:27,920
could wipe it. Unmanaged, 
of course, is the other side of 

521
00:31:27,920 --> 00:31:31,160
that spectrum where you have no 
control. 

522
00:31:32,040 --> 00:31:36,320
You, you don't have it in 
inventory, there's there's no 

523
00:31:36,920 --> 00:31:40,920
validation of health, there's no
validation of configuration or 

524
00:31:40,920 --> 00:31:44,440
patch levels. 
It's truly outside of your 

525
00:31:44,440 --> 00:31:48,640
purview. 
And then there's BYOD, which for

526
00:31:48,640 --> 00:31:51,440
the county can actually fall 
into the managed or unmanaged 

527
00:31:51,800 --> 00:31:54,200
definition. 
And so that's why this one was 

528
00:31:54,680 --> 00:31:58,120
was a lot of fun. 
We're still we're still talking 

529
00:31:58,120 --> 00:32:05,560
through how how we successfully 
define and manage a BYOD approach

530
00:32:05,560 --> 00:32:08,480
for county resources. 
Now when I started at the 

531
00:32:08,480 --> 00:32:14,720
county, we did have like a like 
the any device anywhere, anytime

532
00:32:15,040 --> 00:32:17,120
approach to doing business, 
right? 

533
00:32:18,440 --> 00:32:25,240
Meaning we would have to have a 
good way to secure our apps and 

534
00:32:25,240 --> 00:32:30,520
our data even in the event that 
an unmanaged device or BYOD 

535
00:32:30,560 --> 00:32:36,080
device wanted access. 
Working through that of course, 

536
00:32:36,320 --> 00:32:39,960
but so BYOD for us or bring your
own device. 

537
00:32:40,360 --> 00:32:44,240
Right now we have two flavors of
that. 

538
00:32:44,240 --> 00:32:51,400
One is a BYOD approach where 
they sign a waiver that says, 

539
00:32:51,440 --> 00:32:54,880
hey, Maricopa County, you can 
manage this device even though I

540
00:32:54,880 --> 00:32:59,280
own it, which kind of puts them 
into the BYOD managed category, 

541
00:32:59,680 --> 00:33:04,560
meaning if they lose it, if it 
becomes compromised, we have the

542
00:33:04,560 --> 00:33:08,360
ability to wipe it, we have the 
ability to lock it etcetera. 

543
00:33:09,120 --> 00:33:14,720
We also have the BYOD approach 
for some of our cloud services 

544
00:33:15,040 --> 00:33:20,040
where you know you can, you can 
log in and you can consume that 

545
00:33:20,040 --> 00:33:23,560
application with just your user 
identity. 

546
00:33:24,040 --> 00:33:27,800
Meaning we don't manage the 
device, we only manage the user 

547
00:33:27,800 --> 00:33:30,920
identity and the data that we're
allowing that device to have 

548
00:33:30,920 --> 00:33:34,320
access to. 
And so that's the unmanaged BYOD

549
00:33:34,400 --> 00:33:38,960
approach. 
Of course, IoT/OT can also fall 

550
00:33:38,960 --> 00:33:41,280
into both the unmanaged and 
managed categories. 

551
00:33:41,880 --> 00:33:47,160
And that one's one that we're 
starting to tackle and working 

552
00:33:47,160 --> 00:33:52,720
to identify what of the IoT/OT 
categories can we manage and 

553
00:33:52,760 --> 00:33:55,520
which ones can we not. 
And then how do we, it's very 

554
00:33:55,520 --> 00:34:00,040
similar to the end user devices,
how how do we like segment and 

555
00:34:00,040 --> 00:34:04,000
control their access 
appropriately for their level of

556
00:34:04,000 --> 00:34:06,880
management? 
I think where the rubber really 

557
00:34:06,880 --> 00:34:11,280
hits the road on this topic is 
how do you take the device 

558
00:34:11,280 --> 00:34:17,560
identity and actually enforce 
access around it? 

559
00:34:17,560 --> 00:34:21,159
So I'm thinking about kind of 
like how device identity and 

560
00:34:21,159 --> 00:34:25,560
infrastructure come together to 
say, all right, you can go here 

561
00:34:25,560 --> 00:34:27,880
and you can't go there. 
So maybe you can talk a little 

562
00:34:27,880 --> 00:34:31,719
bit about that for again for the
identity practitioners who 

563
00:34:31,719 --> 00:34:36,400
are trying to figure out how 
does this all work, maybe give 

564
00:34:36,400 --> 00:34:39,199
kind of our primer on that. 
Yeah, and that's a great 

565
00:34:39,199 --> 00:34:42,400
question. 
I mean, the classic architecture

566
00:34:42,400 --> 00:34:48,600
in that space is 802.1X, right?
So wired and wireless network 

567
00:34:48,600 --> 00:34:52,719
access control using the 
platform such as ISE to be able 

568
00:34:52,719 --> 00:34:57,680
to validate that that system 
before it connects into your 

569
00:34:57,680 --> 00:35:01,440
network is healthy and can prove
its identity. 

570
00:35:02,080 --> 00:35:05,000
Going back to our the beginning 
of our conversation, right? 

571
00:35:06,280 --> 00:35:09,760
I mean, the hardware is coming 
now with like a TPM, of course, 

572
00:35:09,760 --> 00:35:12,160
it's always had a MAC, but 
there's some, there's some 

573
00:35:12,640 --> 00:35:15,520
definite considerations around 
MAC when you're trying to use it

574
00:35:15,520 --> 00:35:19,280
for any, any type of validation,
but also certificate, right? 

575
00:35:19,280 --> 00:35:28,520
So I think for device identity, 
especially for any type of wired

576
00:35:28,520 --> 00:35:33,000
or wireless network access 
control, it comes down to how do

577
00:35:33,000 --> 00:35:34,880
you validate that device's 
identity. 

578
00:35:35,240 --> 00:35:38,600
For us, we we are leaning into a
certificate validation. 

579
00:35:39,880 --> 00:35:43,080
Of course, there's some some new
great technologies out there as 

580
00:35:43,080 --> 00:35:50,520
well that use like apps on the 
device, right to grab device 

581
00:35:51,160 --> 00:35:55,480
identifiers and creates truly 
create a device identity out of 

582
00:35:55,480 --> 00:35:59,600
that information that's used for
validation for access either 

583
00:35:59,600 --> 00:36:02,760
onto the network or access to 
apps in the cloud, etcetera. 

584
00:36:03,120 --> 00:36:07,520
I kind of think that behind the 
scenes here there's a level of 

585
00:36:07,520 --> 00:36:11,960
certificates, maybe PKI 
infrastructure at work. 

586
00:36:12,960 --> 00:36:15,480
Am I on the right track? 
How does that fit in? 

587
00:36:16,840 --> 00:36:24,320
Yeah, so I do think a strong 
certificate architecture is a 

588
00:36:24,320 --> 00:36:27,080
foundational component for user 
and device identity. 

589
00:36:27,880 --> 00:36:31,360
As stated there. 
There are perhaps some ways you 

590
00:36:31,360 --> 00:36:32,560
could do it without 
certificates. 

591
00:36:32,560 --> 00:36:34,640
And I don't want to say 
certificates are the easy button

592
00:36:34,640 --> 00:36:39,280
because certificates are never 
easy, but they are. 

593
00:36:39,800 --> 00:36:44,240
They are something that 
especially in a autonomous, semi

594
00:36:44,240 --> 00:36:51,160
autonomous org, can span spheres
of control and can create trust 

595
00:36:51,160 --> 00:36:55,840
chains that can be shared, you 
know, regardless of where that 

596
00:36:55,840 --> 00:37:00,400
device originated, right? 
So leveraging something like 

597
00:37:00,400 --> 00:37:04,160
certificates, our county IT 
shops don't all have to agree 

598
00:37:04,160 --> 00:37:07,720
that we're going to put, you 
know, client X across all of our

599
00:37:07,720 --> 00:37:11,280
workstations and that's going to
be managed by some central IT 

600
00:37:11,280 --> 00:37:15,320
shop. 
They can manage a 

601
00:37:15,440 --> 00:37:20,200
certificate architecture that 
has a similar trust chain that 

602
00:37:20,200 --> 00:37:22,600
we can then use at our security 
gateways. 

603
00:37:22,680 --> 00:37:26,160
I'll liken it to you like 
different passports, right, to 

604
00:37:26,160 --> 00:37:30,800
prove identity at the airport. 
Everybody knows and understands 

605
00:37:30,800 --> 00:37:33,880
what a passport is. 
There's, there's an official 

606
00:37:33,880 --> 00:37:39,080
root trust agency that can 
validate that passport and 

607
00:37:39,080 --> 00:37:42,000
that's what I consider the 
certificate in, in our 

608
00:37:42,000 --> 00:37:45,280
architecture. 
Again, there's other forms of 

609
00:37:45,280 --> 00:37:47,000
identity that can be leveraged, 
right? 

610
00:37:47,000 --> 00:37:52,480
A driver's license, an ID card, 
you know, the list could go on 

611
00:37:52,520 --> 00:37:54,400
shortly. 
I don't know what else they 

612
00:37:54,400 --> 00:38:00,160
accept at the airport, honestly,
but to that point, everybody 

613
00:38:00,160 --> 00:38:05,560
knows that the passport is is a 
proof, proof of identity and 

614
00:38:05,560 --> 00:38:08,280
they know what to do with it 
when they're presented that form

615
00:38:08,280 --> 00:38:11,160
of identity. 
Again, allowing the county 

616
00:38:11,160 --> 00:38:16,480
to still have the county IT 
agencies still have autonomous 

617
00:38:16,960 --> 00:38:20,880
control over their device 
management, meaning other 

618
00:38:20,880 --> 00:38:24,440
departments don't have to know 
what they're using to manage the

619
00:38:24,440 --> 00:38:27,880
device or anything really, 
right. 

620
00:38:27,880 --> 00:38:31,920
They, they manage that device A 
in a platform like Workspace One

621
00:38:31,920 --> 00:38:36,960
or Intune and Workspace One or 
Intune gets the certificate to 

622
00:38:36,960 --> 00:38:40,960
the device and then just sends 
the hey, this guy's good, let 

623
00:38:40,960 --> 00:38:42,920
him in. 
I validated everything 

624
00:38:43,000 --> 00:38:50,840
appropriately and we trust that 
and it just gives us a an easier

625
00:38:50,840 --> 00:38:57,120
approach without having to all 
come together and agree on an 

626
00:38:57,120 --> 00:39:00,280
external vendor, a partner 
platform in that space. 

627
00:39:00,960 --> 00:39:03,560
Yeah, well, one other form of 
identity. 

628
00:39:03,560 --> 00:39:07,080
So I was flying last week and I 
saw a lot of people whip out 

629
00:39:07,080 --> 00:39:09,400
their mobile driver's license. 
Yes. 

630
00:39:09,440 --> 00:39:12,640
I don't have one personally. 
My state doesn't support it, but

631
00:39:12,920 --> 00:39:15,840
I'd love to get there. 
Come on over to Arizona. 

632
00:39:16,200 --> 00:39:18,080
We've got them. 
You've got them. 

633
00:39:18,080 --> 00:39:20,840
You guys have Waymo. 
I mean, we got. 

634
00:39:20,840 --> 00:39:24,480
Everything. 
You really do, really do. 

635
00:39:25,280 --> 00:39:28,440
Talk about device identity, like
hopefully those autonomous 

636
00:39:28,440 --> 00:39:32,040
Waymos, they can identify them 
'cause they're all over. 

637
00:39:32,880 --> 00:39:37,560
Exactly, exactly. 
So you know, the last question I

638
00:39:37,560 --> 00:39:42,520
wanted to ask about because I'm 
familiar with some framework 

639
00:39:42,520 --> 00:39:48,400
that NIST has that can apply to 
kind of a device identity 

640
00:39:48,400 --> 00:39:51,240
program. 
But leading into that, I'm just 

641
00:39:51,240 --> 00:39:54,200
kind of thinking one thing I've 
seen as consultants. 

642
00:39:54,200 --> 00:39:58,640
So Jeff and I are unfortunately 
we can't just podcast full time.

643
00:39:58,640 --> 00:40:01,320
It doesn't pay enough of the 
doesn't make enough of the 

644
00:40:01,320 --> 00:40:06,120
contribution to pay the bills. 
But we we get to work with a lot

645
00:40:06,120 --> 00:40:08,640
of clients. 
So we get to see in the private 

646
00:40:08,640 --> 00:40:11,120
sector. 
NIST is becoming extremely 

647
00:40:11,120 --> 00:40:13,600
popular. 
I know in the public sector it's

648
00:40:13,600 --> 00:40:17,120
extremely popular. 
Maybe you could talk about what 

649
00:40:17,120 --> 00:40:21,240
that level of influence is like,
how it affects your program, and

650
00:40:21,240 --> 00:40:26,480
then if you can speak at all to 
how it might, those guidelines 

651
00:40:26,480 --> 00:40:33,840
that exist for detect and 
respond work with from the NIST 

652
00:40:33,840 --> 00:40:37,280
framework are being adopted at 
the county. 

653
00:40:38,520 --> 00:40:42,680
Yeah, that's a great question. 
And I am seeing a lot more 

654
00:40:42,800 --> 00:40:45,800
reference and reliance on that 
framework, especially in the 

655
00:40:45,800 --> 00:40:51,520
audit space, which of course 
then motivates business to start

656
00:40:51,520 --> 00:40:56,720
to notice and comply. 
For us though, the business 

657
00:40:56,760 --> 00:41:02,200
framework really at its core, 
again provides a common language

658
00:41:02,200 --> 00:41:11,240
for us to talk and a way to 
structure our strategies so 

659
00:41:11,240 --> 00:41:14,640
folks know what the desired 
outcome is for our projects, 

660
00:41:14,640 --> 00:41:17,560
right? 
We could pick out bits and 

661
00:41:17,560 --> 00:41:21,320
pieces of that framework and say
we are, you're doing this 

662
00:41:21,320 --> 00:41:23,720
project so that we can have 
these outcomes. 

663
00:41:23,720 --> 00:41:26,480
These outcomes are aligned with 
the NIST framework. 

664
00:41:27,360 --> 00:41:30,920
And of course they have like a 
a ZTA, they have like the access 

665
00:41:30,920 --> 00:41:33,400
controls, they have the identity
components. 

666
00:41:34,080 --> 00:41:38,920
So it really does give us a a 
foundational road map for what 

667
00:41:38,920 --> 00:41:42,720
are we trying to do and and at 
the end of the day, have the 

668
00:41:42,720 --> 00:41:46,920
conversation about why it's 
important and to what degree 

669
00:41:47,000 --> 00:41:50,720
it's important to the county. 
Now just like any framework, of 

670
00:41:50,720 --> 00:41:53,720
course, NIST's, you could go all 
the way to the extreme. 

671
00:41:54,320 --> 00:41:58,440
And I don't know that there's 
anybody who probably can say, 

672
00:41:58,440 --> 00:42:02,920
Yep, we are. 
We adhere to every single NIST

673
00:42:02,920 --> 00:42:07,360
guideline that is out there. 
So organizations have to be able

674
00:42:07,360 --> 00:42:09,880
to structure some level of like 
a maturity model. 

675
00:42:10,960 --> 00:42:14,280
So we're not spinning our 
wheels, implementing things that

676
00:42:14,280 --> 00:42:19,440
are not providing value, 
especially based on the 

677
00:42:19,440 --> 00:42:21,800
investment. 
And I do think the NIST 

678
00:42:21,800 --> 00:42:24,720
framework again, helps us 
structure that conversation so 

679
00:42:24,720 --> 00:42:28,120
that we can create an 
appropriate maturity model and 

680
00:42:28,120 --> 00:42:34,120
we can create a an appropriate 
strategy for how we tackle any 

681
00:42:34,120 --> 00:42:35,880
aspect. 
I mean, of course NIST covers 

682
00:42:35,880 --> 00:42:38,120
all sorts of things, but 
specifically for this 

683
00:42:38,120 --> 00:42:40,800
conversation, something like 
device identity or internal 

684
00:42:40,800 --> 00:42:46,040
identity or zero trust. 
So it's in the name, right, NIST

685
00:42:46,040 --> 00:42:49,680
framework, not NIST law. 
So you have to like, you know, 

686
00:42:49,920 --> 00:42:51,800
take that into, you know, 
accordance with what things 

687
00:42:51,800 --> 00:42:53,680
going on. 
A lot of this conversation is 

688
00:42:53,680 --> 00:42:59,000
focused on technology and sort 
of how things work and the 

689
00:42:59,000 --> 00:43:00,760
interdependencies between all 
that. 

690
00:43:01,160 --> 00:43:03,000
But a big part of this is still 
the people side. 

691
00:43:03,000 --> 00:43:06,800
So I'm curious, how do you, how 
do you make this real, you know,

692
00:43:06,800 --> 00:43:10,280
from a long term perspective to 
say, OK, that's great. 

693
00:43:10,320 --> 00:43:13,120
We are, you know, 100% more zero 
trust, right? 

694
00:43:13,240 --> 00:43:16,360
Whatever that looks like, right.
It requires a team to put that 

695
00:43:16,360 --> 00:43:20,360
in place, not only to stand it 
up, but to maintain it and keep 

696
00:43:20,360 --> 00:43:23,920
it relevant for the future. 
So how do you look at that from 

697
00:43:23,920 --> 00:43:26,680
a long term perspective to say, 
OK, that's great. 

698
00:43:26,680 --> 00:43:29,240
We've got technology, but 
there's also people in process 

699
00:43:29,280 --> 00:43:32,160
that needs to be part of this. 
Yeah, technology is always the 

700
00:43:32,160 --> 00:43:34,960
easy part. 
So yeah, great question. 

701
00:43:34,960 --> 00:43:39,800
And it's it's one I think as 
leaders that we we have to take 

702
00:43:39,800 --> 00:43:43,720
into consideration, especially 
as we ask our teams to embark on

703
00:43:43,720 --> 00:43:46,160
these huge transformational 
projects. 

704
00:43:46,480 --> 00:43:50,720
If you know, zero trust or 
identity being being examples of

705
00:43:51,200 --> 00:43:54,800
very transformational projects 
because they they do change the 

706
00:43:54,800 --> 00:43:58,040
underlying way that we support 
technology for the business. 

707
00:43:59,960 --> 00:44:04,840
So, I mean at the county we, we 
have these conversations often. 

708
00:44:05,560 --> 00:44:09,880
So it, it, it revolves around 
how do we skill up our teams. 

709
00:44:10,800 --> 00:44:16,600
So as we are deciding on 
solutions or platforms or 

710
00:44:16,600 --> 00:44:22,560
systems, a good part of that 
conversation is your folks know 

711
00:44:22,560 --> 00:44:27,920
this like if we pick this, how, 
how are we going to support it 

712
00:44:27,920 --> 00:44:32,000
to your point, Jeff. 
And so being able to get the 

713
00:44:32,000 --> 00:44:37,960
training to our our technical 
folks at the right time with the

714
00:44:37,960 --> 00:44:42,920
right context is key. 
Now I will say we've had a 

715
00:44:42,920 --> 00:44:45,320
number of transformational 
projects where we did training 

716
00:44:45,320 --> 00:44:48,000
say at the beginning and it was 
a three-year project and by, you

717
00:44:48,000 --> 00:44:53,040
know, year 3 it was gone, right.
And so we, we had to redo the 

718
00:44:53,040 --> 00:44:55,760
training. 
So really evaluating the timing 

719
00:44:55,760 --> 00:45:00,600
and when and how to engage 
partners, I think is, is 

720
00:45:00,600 --> 00:45:03,400
critical. 
We are very lucky to have a 

721
00:45:03,400 --> 00:45:06,200
number of great partners in our 
identity program right now. 

722
00:45:06,920 --> 00:45:09,320
And of course those partners 
live and breathe identity. 

723
00:45:09,640 --> 00:45:13,760
They can make identity decisions
on the fly based on their 

724
00:45:13,760 --> 00:45:16,160
experience. 
And our, our, our teams don't 

725
00:45:16,240 --> 00:45:18,320
necessarily live and breathe 
identity, right? 

726
00:45:18,320 --> 00:45:21,600
It's just one component of the 
work that they're responsible 

727
00:45:21,600 --> 00:45:23,880
for. 
And so we have to be able to 

728
00:45:23,880 --> 00:45:27,200
balance and, and we do ask our 
partners to ensure that they're 

729
00:45:27,200 --> 00:45:31,480
having good conversations with 
our teams to explain why we're 

730
00:45:31,480 --> 00:45:35,560
making the decisions that we're 
making, why we're implementing 

731
00:45:35,560 --> 00:45:36,680
the things that we're 
implementing. 

732
00:45:36,680 --> 00:45:41,840
And wherever possible, let our 
team members drive, let them do 

733
00:45:41,840 --> 00:45:45,520
the work to a degree, let them 
make some of the mistakes, 

734
00:45:45,560 --> 00:45:47,520
right? 
And let them be involved there 

735
00:45:47,520 --> 00:45:51,240
so that when it comes to 
operations, they understand 

736
00:45:51,240 --> 00:45:55,840
those guts. 
I mean, we've had both great 

737
00:45:55,840 --> 00:45:59,520
examples of where we've done an 
implementation and on the other 

738
00:45:59,520 --> 00:46:02,960
side folks just felt good. 
They were excited they could 

739
00:46:02,960 --> 00:46:04,840
support it. 
And then of course the other 

740
00:46:04,840 --> 00:46:09,080
side of that spectrum is 
implementations where the 

741
00:46:09,080 --> 00:46:11,640
partner stepped away and 
everybody just looked at each 

742
00:46:11,640 --> 00:46:17,520
other like don't touch it. 
So as we, we're in our identity 

743
00:46:17,520 --> 00:46:23,640
journey as, as we're, as we're 
changing the architecture of the

744
00:46:23,640 --> 00:46:28,560
organization for zero trust, 
right or zero trust 

745
00:46:28,560 --> 00:46:34,560
capabilities, we've changed the 
way our teams operate to a 

746
00:46:34,560 --> 00:46:39,560
degree. 
So our, our DCIO did create a 

747
00:46:39,880 --> 00:46:43,560
network security and access 
management team, which is 

748
00:46:43,560 --> 00:46:47,760
focused on like the security 
gateways that we're putting in 

749
00:46:47,760 --> 00:46:50,440
the policy. 
And that's coupled, of course, 

750
00:46:50,440 --> 00:46:53,520
with that access management or 
the identity component. 

751
00:46:54,400 --> 00:46:58,800
So those two pillars aren't 
separate across a team, right,

752
00:46:58,800 --> 00:47:01,120
Where there's one team that 
knows the identity side real 

753
00:47:01,120 --> 00:47:05,240
good and one team that knows how
to put policy in place, they're 

754
00:47:05,240 --> 00:47:11,120
together, which of course allows
us to create more robust policy,

755
00:47:11,120 --> 00:47:13,840
right, 'cause they understand 
how the identity underneath is 

756
00:47:13,840 --> 00:47:17,560
structured. 
So creating new teams that 

757
00:47:17,560 --> 00:47:21,680
can more effectively support,
especially if the solution is 

758
00:47:22,360 --> 00:47:25,800
a cross-domain or a cross-team
type of solution. 

759
00:47:26,320 --> 00:47:30,000
Also have done the same for our 
desktop support guys, like a, a 

760
00:47:30,280 --> 00:47:33,680
workspace and platform support 
team that can support the 

761
00:47:33,680 --> 00:47:36,720
platforms that we're putting in 
place with an understanding 

762
00:47:36,720 --> 00:47:39,600
about like the devices that are 
connecting something like, you 

763
00:47:39,600 --> 00:47:44,360
know, Intune. 
So you do, you do have to 

764
00:47:44,360 --> 00:47:48,640
examine is our organizational 
structure appropriate and do we 

765
00:47:48,640 --> 00:47:56,000
have silos that are going to 
impact our, our momentum or our 

766
00:47:56,000 --> 00:47:59,200
innovation in these spaces? 
And if you do have the 

767
00:47:59,200 --> 00:48:03,480
conversations about how do you 
solve for that effectively the 

768
00:48:03,480 --> 00:48:08,000
other side of that, and I was 
very excited when we did this, 

769
00:48:08,000 --> 00:48:11,640
but we started an OCM team. 
So an organizational change 

770
00:48:11,640 --> 00:48:15,280
management team. 
It's only, it's only two great 

771
00:48:15,280 --> 00:48:18,800
gals right now, but they make a 
huge impact, right? 

772
00:48:18,800 --> 00:48:21,760
So a lot of folks see 
organizational change management

773
00:48:21,760 --> 00:48:26,400
is almost like just a marketing 
team, but it's not it, it really

774
00:48:26,400 --> 00:48:30,160
does get to the heart of your 
question as we get into projects

775
00:48:30,520 --> 00:48:34,360
and these two gals will will ask
us as leaders, can your team 

776
00:48:34,360 --> 00:48:37,920
really support this and like 
force us to answer that question

777
00:48:38,600 --> 00:48:42,880
in order to be ready for taking 
on that project, which is 

778
00:48:42,880 --> 00:48:45,240
fantastic. 
So they're doing some of that 

779
00:48:45,240 --> 00:48:49,200
organizational change management
from doing assessments or 

780
00:48:49,200 --> 00:48:52,920
interviews to some of our IT 
support staff on how is this 

781
00:48:52,920 --> 00:48:56,280
going to change your job and 
then giving that feedback back 

782
00:48:56,280 --> 00:48:58,760
to us. 
So again, we can structure the 

783
00:48:58,760 --> 00:49:01,520
right training, the right teams,
etcetera. 

784
00:49:01,600 --> 00:49:06,880
So big, big one, especially as 
digital transformation and 

785
00:49:07,080 --> 00:49:10,960
modernization. 
I mean, it's not slowing down, 

786
00:49:11,000 --> 00:49:15,240
right, especially with AI, but. 
So I smell a Part 2 with Shi 

787
00:49:15,240 --> 00:49:20,040
Mcgrew coming down the road 
where we talk OCM specifically 

788
00:49:20,040 --> 00:49:23,280
for these large transformational
projects because it does come up

789
00:49:23,280 --> 00:49:25,400
quite a bit. 
And I think a lot of my 

790
00:49:25,400 --> 00:49:27,560
background is operations, right?
It's help desk. 

791
00:49:27,560 --> 00:49:31,360
And then it's, I am sort of help
desk specific and I would get so

792
00:49:31,360 --> 00:49:33,920
tired of people just throwing 
things over the wall and saying,

793
00:49:33,920 --> 00:49:36,680
oh, well, you know, help desk 
will still take care of it or 

794
00:49:36,680 --> 00:49:38,560
whoever's going to answer the 
phone like, no, no, no, we got a

795
00:49:38,560 --> 00:49:41,800
plan for that kind of stuff. 
So I, if you're up for it some 

796
00:49:41,800 --> 00:49:44,240
point in the future when you're 
ready and we can invite those 

797
00:49:44,240 --> 00:49:47,000
other folks on your team as well
to have a conversation around 

798
00:49:47,000 --> 00:49:50,640
OCM and what does it mean to be 
good at it? 

799
00:49:50,680 --> 00:49:54,680
Because there is bad OCM and 
then there's effective OCM. 

800
00:49:54,680 --> 00:49:57,080
And I think most people want to 
be on that good, effective side 

801
00:49:57,080 --> 00:49:58,480
of things. 
So hopefully you'll come back 

802
00:49:58,480 --> 00:50:00,800
and we can have a conversation 
about that in the future. 

803
00:50:01,400 --> 00:50:03,840
Yeah. 
I would love that because it is 

804
00:50:04,080 --> 00:50:08,400
especially in IT right, a topic 
that I don't think we, we 

805
00:50:08,400 --> 00:50:12,320
consider or touch on enough
because it's kind of the the 

806
00:50:12,320 --> 00:50:15,520
softer marketing side, right. 
It's the communication side and 

807
00:50:16,280 --> 00:50:18,160
IT just wants to do right. 
Well, yeah. 

808
00:50:18,400 --> 00:50:21,480
What's the ROA on doing, you 
know, change management? 

809
00:50:21,480 --> 00:50:23,520
It's like it's, it's most of the
time it's like it's just an 

810
00:50:23,520 --> 00:50:25,600
added cost approach. 
I don't know, like that is such 

811
00:50:25,600 --> 00:50:27,560
an important part to make sure 
you get it right. 

812
00:50:28,040 --> 00:50:32,320
It's, it helps you avoid 
mistakes of the past, mistakes 

813
00:50:32,320 --> 00:50:34,520
that other people have had and 
helps you really kind of get 

814
00:50:34,520 --> 00:50:36,480
things going. 
So I don't, I don't want to get 

815
00:50:36,480 --> 00:50:38,560
too far into it now because I 
definitely want to do like an 

816
00:50:38,560 --> 00:50:40,880
episode on that. 
We've got a few minutes left. 

817
00:50:40,880 --> 00:50:44,360
I want to talk real quickly 
about the future of device 

818
00:50:44,360 --> 00:50:47,280
identity here specifically. 
So maybe not necessarily like a 

819
00:50:47,280 --> 00:50:49,680
lightning round, but maybe kind 
of a more brief conversation, 

820
00:50:49,680 --> 00:50:52,400
like where do you see this going
from a device perspective? 

821
00:50:52,400 --> 00:50:55,480
Because now we've got, you know,
super disruptive things like AI.

822
00:50:55,520 --> 00:50:58,520
Hey, we just made it, you know, 
50 minutes without mentioning 

823
00:50:58,560 --> 00:51:02,280
AI, which is probably a record 
for any IT conversation right at

824
00:51:02,280 --> 00:51:04,120
this point. 
So like, where do you see things

825
00:51:04,120 --> 00:51:09,080
like AI or things and frameworks
like Shared Signals Framework or

826
00:51:09,080 --> 00:51:12,760
behavior analytics, you know, 
CAEP, Continuous Access

827
00:51:12,760 --> 00:51:14,760
Evaluation Profile.
Hope I got it right, too.

828
00:51:15,600 --> 00:51:19,800
But things like that where, you 
know, we're starting to use data

829
00:51:19,960 --> 00:51:24,120
and analytics to improve things 
or measure things like where do 

830
00:51:24,120 --> 00:51:26,880
you see that specifically on the
machine identity side or I'm 

831
00:51:26,880 --> 00:51:28,760
sorry, the device identity side?
Yeah. 

832
00:51:29,600 --> 00:51:32,440
And so I, I, I think to your 
point, it's going to be right in

833
00:51:32,440 --> 00:51:36,320
line with how we're applying AI 
everywhere, right? 

834
00:51:36,640 --> 00:51:41,520
It's, it's going to be a 
question of what, what data do 

835
00:51:41,520 --> 00:51:46,720
we have and how, what, what do 
we want to do with that data and

836
00:51:46,720 --> 00:51:51,240
what correlations are going to 
make our decisions more 

837
00:51:51,240 --> 00:51:53,960
powerful, right, more impactful,
better etcetera. 

838
00:51:54,480 --> 00:51:59,480
And so in the device identity 
space, you know, a lot of the

839
00:51:59,520 --> 00:52:03,160
EDRs are already collecting like
mass amounts of data from the 

840
00:52:03,160 --> 00:52:09,600
devices to be able to articulate
relatively clearly like their 

841
00:52:09,600 --> 00:52:13,160
health status, right? 
Like, hey, this hard drive is 

842
00:52:13,160 --> 00:52:17,800
going to fail in 10 days. 
So we're going to see it 

843
00:52:17,800 --> 00:52:21,720
everything from like just as the
simple operational pieces, 

844
00:52:21,720 --> 00:52:23,480
right? 
As well as, and I think we're 

845
00:52:23,480 --> 00:52:26,320
already seeing this to a degree,
like just with Copilot and your 

846
00:52:26,320 --> 00:52:32,160
ability to interact with your 
machine, the ability to leverage

847
00:52:32,160 --> 00:52:34,600
AI to troubleshoot a device 
problem. 

848
00:52:35,160 --> 00:52:40,840
So for an end user, if you know 
their settings are off or 

849
00:52:40,840 --> 00:52:44,760
whatever, you can pull up a a 
chat, have a natural like a 

850
00:52:44,760 --> 00:52:49,560
language based conversation with
whatever AI platforms out there 

851
00:52:49,560 --> 00:52:53,120
and fix your problem. 
Of course, that alleviates our 

852
00:52:53,120 --> 00:52:56,000
poor help desk folks from a 
number of things, so we'll have 

853
00:52:56,000 --> 00:52:58,720
to skill them up and have them 
focus on other higher value 

854
00:52:58,720 --> 00:53:02,160
tasks. 
But yeah, so absolutely 

855
00:53:02,160 --> 00:53:06,800
everything from just operational
efficiencies at the end user and

856
00:53:06,800 --> 00:53:11,200
back end perspective to our 
ability to detect and respond 

857
00:53:11,440 --> 00:53:14,600
threats more effectively. 
Now the flip side of that is 

858
00:53:14,600 --> 00:53:16,920
it's also going to be used to 
attack more effectively, 

859
00:53:16,920 --> 00:53:19,120
especially at the device level, 
right. 

860
00:53:20,160 --> 00:53:22,840
So it will be a balance 
certainly I think the 

861
00:53:22,840 --> 00:53:28,280
correlation across multiple 
systems for all of the things 

862
00:53:28,480 --> 00:53:32,040
that we can get from a device, 
you know, location, who's logged

863
00:53:32,040 --> 00:53:34,760
in, when's the last time this 
person logged in, where were 

864
00:53:34,760 --> 00:53:38,600
they before? 
And then be able to create 

865
00:53:38,600 --> 00:53:43,440
feedback to, you know, our 
security teams in regards to the

866
00:53:43,440 --> 00:53:46,920
level of threat that that device
poses to the organization and 

867
00:53:46,920 --> 00:53:50,440
make decisions based on that. 
And this is all this isn't like 

868
00:53:50,480 --> 00:53:53,480
super future, 'cause this, this 
all is capability today. 

869
00:53:53,640 --> 00:53:57,080
We haven't quite got there yet. 
So it's my future, but it's not 

870
00:53:57,080 --> 00:54:00,960
a technology future. 
That's, that's all a possibility

871
00:54:00,960 --> 00:54:03,280
today. 
And then where we'll go from 

872
00:54:03,280 --> 00:54:05,200
there. 
I, I don't know, like I 

873
00:54:05,760 --> 00:54:11,760
especially as devices start to, 
to morph, right like the 

874
00:54:11,760 --> 00:54:16,360
smartwatches, smart glasses and 
how do we leverage all of those,

875
00:54:16,360 --> 00:54:17,960
especially from a business 
perspective? 

876
00:54:19,400 --> 00:54:21,880
Yeah, we're going to be wearing 
a whole bunch of identity things

877
00:54:22,320 --> 00:54:27,320
on us given point. 
Yeah, Phones, tablets, watches, 

878
00:54:27,800 --> 00:54:31,360
right, chips, you know, brain 
implants, all kinds of stuff. 

879
00:54:31,920 --> 00:54:34,920
Yes, we started off this episode
ganging up on Jim, which I

880
00:54:34,920 --> 00:54:36,560
absolutely love. 
So anytime you want to come 

881
00:54:36,560 --> 00:54:38,800
back, we can beat up on Jim a
little bit is good. 

882
00:54:39,200 --> 00:54:41,800
Jim, I want to come back to you.
You had about 45, 50 minutes or so

883
00:54:41,800 --> 00:54:44,840
to kind of think about this 
conversation around machine 

884
00:54:44,840 --> 00:54:49,160
identity versus, you know, can a
machine or a non human have an 

885
00:54:49,160 --> 00:54:51,920
identity? 
Are you prepared to come back at

886
00:54:51,920 --> 00:54:54,520
us with some fire that we need 
to chew on? 

887
00:54:54,520 --> 00:54:57,160
I know. 
I'm kind of like barking up a a 

888
00:54:57,160 --> 00:55:01,000
tree with this one. 
I'm old man yelling at cloud but

889
00:55:01,000 --> 00:55:03,840
it's really the vocabulary of 
it. 

890
00:55:04,160 --> 00:55:06,760
So here's how I've always 
thought about identity and 

891
00:55:06,760 --> 00:55:11,880
accounts. 
If Shay has an identity or an 

892
00:55:11,880 --> 00:55:17,160
account in Active Directory and
the travel system and in the 

893
00:55:17,160 --> 00:55:20,240
accounting system, how many 
identities are there? 

894
00:55:21,040 --> 00:55:24,640
Well, the classic argument is
there's one, there's one Shay, 

895
00:55:25,360 --> 00:55:29,560
and those are accounts, right? 
Well, I don't see why it would 

896
00:55:29,560 --> 00:55:32,920
be any different with anything 
else. 

897
00:55:34,120 --> 00:55:37,960
And by the way, the perspective 
of each of those system owners 

898
00:55:37,960 --> 00:55:40,000
was like, hey, we have all these
identities. 

899
00:55:40,200 --> 00:55:42,480
When you talk to Active 
Directory administrators, they 

900
00:55:42,480 --> 00:55:46,280
say I've got 10,000 identities 
in my system. 

901
00:55:46,280 --> 00:55:50,600
And those may pair off for the 
most part one account to one 

902
00:55:50,600 --> 00:55:53,120
person, but those are accounts. 
Those are not identities. 

903
00:55:53,360 --> 00:55:57,760
Identities are in the HR system 
or in the contractor system. 

904
00:55:58,120 --> 00:56:00,280
That's where they're originally 
started. 

905
00:56:00,280 --> 00:56:03,840
And even those are probably 
accounts or that identity, but 

906
00:56:03,840 --> 00:56:08,280
the identity is the person. 
And so you extend that. 

907
00:56:08,280 --> 00:56:12,160
Now let's take the question of 
OK, devices. 

908
00:56:12,160 --> 00:56:16,120
Do they have an identity? 
Well, what's a device? 

909
00:56:16,480 --> 00:56:22,200
Is it just something that is 
like a laptop, a phone, a 

910
00:56:22,200 --> 00:56:24,480
tablet? 
What about a printer? 

911
00:56:24,680 --> 00:56:28,320
What about a thermostat, 
thermostat that's smart and are 

912
00:56:28,600 --> 00:56:33,120
all those identities? 
What about a thermostat that has

913
00:56:33,120 --> 00:56:36,120
multiple sensors on it? 
Are each one of those sensors 

914
00:56:36,120 --> 00:56:39,320
identities like so where does 
where do you draw the line 

915
00:56:39,320 --> 00:56:42,800
between they just have an 
account so they can authenticate

916
00:56:42,800 --> 00:56:50,360
to report data versus they're 
actually enough to say that they

917
00:56:50,360 --> 00:56:53,240
have an identity. 
And to me it comes down to are 

918
00:56:53,240 --> 00:56:57,560
they kind of a life form or not?
That's where I think that the 

919
00:56:57,560 --> 00:57:00,320
word identity should be used 
properly. 

920
00:57:00,800 --> 00:57:07,040
And the one exception I've made 
in my deranged mind is that AI 

921
00:57:07,360 --> 00:57:11,160
may get smart enough, that is 
doing all the characteristics of

922
00:57:11,160 --> 00:57:15,640
life form a human being would do
and could potentially make 

923
00:57:15,640 --> 00:57:20,720
decisions as good as a human 
being or better, and therefore 

924
00:57:20,720 --> 00:57:25,600
would qualify as an identity. 
But even at at this stage in the

925
00:57:25,600 --> 00:57:30,520
game, I would say AI would have 
to be considered, you know, the 

926
00:57:30,520 --> 00:57:34,600
accountability of some human 
being performing the actions. 

927
00:57:34,600 --> 00:57:38,120
And that person would be the one
who decided whether or not they 

928
00:57:38,120 --> 00:57:41,840
had access in an account to get 
onto your network. 

929
00:57:42,120 --> 00:57:47,360
So that's why to me, it's like, 
is it an identity or an account?

930
00:57:47,520 --> 00:57:51,560
There's definitely gray area,
but I always kind of go back to 

931
00:57:51,560 --> 00:57:53,760
that, an identity as a human 
being. 

932
00:57:54,320 --> 00:57:58,040
I have thoughts Shay, do you 
have anything you want to say 

933
00:57:58,040 --> 00:58:01,920
before I unload? 
Well, so I mean, I would say, I 

934
00:58:01,920 --> 00:58:04,480
think it still comes down to 
like how you're defining 

935
00:58:04,480 --> 00:58:08,280
identity, right? 
So I mean, Jim, you're defining 

936
00:58:08,280 --> 00:58:10,800
it as like somebody who is, who 
has a soul. 

937
00:58:12,200 --> 00:58:13,880
That's exactly what I was 
thinking of. 

938
00:58:13,880 --> 00:58:15,920
Like the existential question of
like a soul. 

939
00:58:16,840 --> 00:58:19,160
Right. 
But I mean, I think you could 

940
00:58:19,160 --> 00:58:22,200
also classify identity as like a
set of characteristics, 

941
00:58:22,200 --> 00:58:28,480
attributes or proof that make an
entity unique and recognizable 

942
00:58:29,360 --> 00:58:31,880
and hopefully trustworthy given 
the context, right? 

943
00:58:32,360 --> 00:58:36,160
And in that definition, I would 
say certainly what we're trying 

944
00:58:36,160 --> 00:58:40,920
to build is the capability of 
hardware to have those things so

945
00:58:40,920 --> 00:58:43,840
that we can do some level of 
validation of their 

946
00:58:43,840 --> 00:58:47,320
trustworthiness. 
Now, if you're getting into the 

947
00:58:47,320 --> 00:58:51,280
yeah, the, the philosophical 
soul sense of identity, I would 

948
00:58:51,280 --> 00:58:56,840
have to then lean to Jim's 
direction and say, OK, the maybe

949
00:58:56,840 --> 00:59:02,800
it's the Webster's definition of
that identity is associated 

950
00:59:02,800 --> 00:59:05,560
somewhere like this along the 
lines of like personality or 

951
00:59:05,560 --> 00:59:08,160
something that makes you 
uniquely identifiable. 

952
00:59:10,160 --> 00:59:13,080
That, that today a machine can't
have that. 

953
00:59:13,240 --> 00:59:16,880
But I do think that they can 
have identity in the sense of 

954
00:59:18,240 --> 00:59:21,400
recognizable characteristics 
that allow us to make decision. 

955
00:59:22,000 --> 00:59:24,920
I feel like this is where 
context matters, like anything 

956
00:59:24,920 --> 00:59:26,800
else. 
So of course we have to, you 

957
00:59:26,800 --> 00:59:28,880
know, think about that. 
So I get it. 

958
00:59:29,640 --> 00:59:34,560
But I feel like yes, a machine, 
a non human can have an 

959
00:59:34,560 --> 00:59:37,800
identity. 
We have MAC addresses.

960
00:59:37,800 --> 00:59:41,800
That's how you identify a device
on a network, for example. 

961
00:59:41,800 --> 00:59:44,680
There is a unique identifier 
associated with it. 

962
00:59:44,680 --> 00:59:47,800
So I think there's that. 
I'm not going to answer the soul

963
00:59:47,800 --> 00:59:51,160
question because I think you 
could argue some people have 

964
00:59:51,160 --> 00:59:53,640
souls, maybe some don't. 
I think now you want to, you 

965
00:59:53,640 --> 00:59:55,400
know, portray. I
think we can agree that no

966
00:59:55,480 --> 00:59:58,800
printer has a soul. 
I can I can agree. 

967
00:59:59,200 --> 01:00:02,640
Yes, that's probably correct. 
But the machine does have an 

968
01:00:02,640 --> 01:00:05,320
identity, because how else do 
you address it? 

969
01:00:05,760 --> 01:00:08,320
You've given it an identity by a
MAC address.

970
01:00:08,560 --> 01:00:12,320
You've given it an IP address to
say, OK, this is where I live on

971
01:00:12,320 --> 01:00:15,600
the network. 
Yes, it is an identity. 

972
01:00:15,600 --> 01:00:20,040
Yes, it may have a whole bunch 
of sub accounts that run 

973
01:00:20,040 --> 01:00:21,800
underneath the context of that 
identity. 

974
01:00:22,160 --> 01:00:24,080
Right inside of a printer, for 
example, you probably have a 

975
01:00:24,080 --> 01:00:25,960
whole bunch of microcontrollers 
that are controlling the 

976
01:00:25,960 --> 01:00:28,440
principal or that are 
controlling the display unit 

977
01:00:28,440 --> 01:00:31,280
that are controlling the network
information coming in. 

978
01:00:31,640 --> 01:00:34,560
Those are all accounts that are 
running certain mining, you 

979
01:00:34,560 --> 01:00:36,760
know, tiny service accounts that
are running on the in the 

980
01:00:37,080 --> 01:00:39,080
identity, in the scope of the 
printer. 

981
01:00:39,240 --> 01:00:42,360
The printer certainly, you know,
is not a person that it doesn't 

982
01:00:42,360 --> 01:00:47,040
have autonomy beyond what it's 
directed to

983
01:00:47,040 --> 01:00:50,600
do, you hope, unless printers
start coming alive, Right. 

984
01:00:51,000 --> 01:00:52,840
But I still think yes, you can. 
Yeah. 

985
01:00:52,880 --> 01:00:54,600
Yeah. 
You know, wait till the AI 

986
01:00:54,600 --> 01:00:56,760
printer comes out, you know, 
then then we're all screwed. 

987
01:00:58,200 --> 01:01:00,920
But I still think you can have 
identities all over the place. 

988
01:01:01,040 --> 01:01:02,880
And I think it is the 
definition. 

989
01:01:02,880 --> 01:01:05,440
How do you define what an 
identity is? 

990
01:01:06,040 --> 01:01:08,920
I just feel like, yes, you can 
have both identities and 

991
01:01:08,920 --> 01:01:12,080
accounts. 
Identities can report to other 

992
01:01:12,080 --> 01:01:13,400
identities. 
That's why we have things like 

993
01:01:13,680 --> 01:01:17,520
org charts and, you know, family
trees and all kinds of different

994
01:01:17,520 --> 01:01:20,000
stuff like that, right? 
Where, you know, even on, on my 

995
01:01:20,000 --> 01:01:21,640
network, right? 
I probably have, I don't know, 

996
01:01:21,640 --> 01:01:25,040
200 IoT devices, you know, that 
are in my house. 

997
01:01:25,720 --> 01:01:28,000
I have a smart thermostat. 
It has an identity. 

998
01:01:29,000 --> 01:01:31,920
It has remote sensors I'm OK on 
right now in my basement where 

999
01:01:31,920 --> 01:01:36,200
my office is that is connected 
as an identity back to my 

1000
01:01:36,680 --> 01:01:39,920
thermostat that then connects to
my smart, you know, home app 

1001
01:01:40,320 --> 01:01:42,920
that gives me the temperature 
and, you know, does all the 

1002
01:01:42,920 --> 01:01:47,160
controls around that. 
So I do feel like I, I don't get

1003
01:01:47,160 --> 01:01:50,480
stuck. 
For me in the soul concept, 

1004
01:01:50,840 --> 01:01:54,800
identity is identity. 
What is human is a different, is

1005
01:01:54,800 --> 01:01:57,960
a is a totally different thing. 
Does that make sense? 

1006
01:01:57,960 --> 01:02:02,880
So if we were to get down to 
definition, you're saying if it 

1007
01:02:02,880 --> 01:02:05,480
has a MAC address, it has an
identity? 

1008
01:02:06,400 --> 01:02:08,680
A MAC address is an identity.
That's what it is. 

1009
01:02:08,800 --> 01:02:13,080
Its purpose is is a unique 
identifier for, in this case a 

1010
01:02:13,160 --> 01:02:17,160
network device. 
So if a network card has 

1011
01:02:17,160 --> 01:02:21,000
multiple MAC addresses, it has
multiple identities. 

1012
01:02:22,280 --> 01:02:25,840
A network card having multiple 
one network card. 

1013
01:02:25,840 --> 01:02:28,560
That would be software based 
probably, but it would. 

1014
01:02:28,560 --> 01:02:31,920
Run in the context of another, 
what if a server has seven 

1015
01:02:32,120 --> 01:02:35,120
network cards in it, 7 MAC
addresses? 

1016
01:02:35,440 --> 01:02:38,240
Then you're saying that server 
has seven identities. 

1017
01:02:38,600 --> 01:02:43,000
Well, so in a, in a instance of 
like a technical identity for a 

1018
01:02:43,000 --> 01:02:46,400
person, I know the, the 
conversation is going to be, are

1019
01:02:46,400 --> 01:02:49,040
those accounts or those personas
or are those identities? 

1020
01:02:50,320 --> 01:02:55,080
But my identity as a Maricopa 
County citizen and my identity 

1021
01:02:55,080 --> 01:02:58,520
as a Maricopa County employee 
are distinctly different. 

1022
01:02:59,240 --> 01:03:02,800
And how you validate those 
identities and how I use those 

1023
01:03:02,800 --> 01:03:05,640
identities are going to be 
different as well from a 

1024
01:03:05,840 --> 01:03:08,920
technical perspective, right. 
And possibly even from a real 

1025
01:03:08,920 --> 01:03:12,800
person perspective, the way I, 
you know, go to work or the way 

1026
01:03:12,800 --> 01:03:18,880
I, you know, consume county 
services different, right? 

1027
01:03:18,880 --> 01:03:24,760
So I, I would consider those two
different personas or I mean two

1028
01:03:24,760 --> 01:03:28,960
different identities if I was 
managing them as objects in any 

1029
01:03:28,960 --> 01:03:31,720
type of store, right? 
Because they wouldn't, they 

1030
01:03:31,720 --> 01:03:36,320
would be uniquely identifiable 
apart from each other. 

1031
01:03:36,680 --> 01:03:39,480
I wouldn't smush them together 
necessarily. 

1032
01:03:40,680 --> 01:03:42,440
I
totally agree. So

1033
01:03:42,920 --> 01:03:50,000
I can have multiple identities. 
And not just your head, I mean, 

1034
01:03:50,000 --> 01:03:51,720
Jim, you're not we have multiple
identities, right? 

1035
01:03:51,720 --> 01:03:54,880
I mean, a lot of people think we
do the podcast full time, but I 

1036
01:03:54,880 --> 01:03:56,880
wish that doesn't that's this is
what we do at nights and 

1037
01:03:56,880 --> 01:03:59,360
weekends. 
We have an identity as podcast 

1038
01:03:59,360 --> 01:04:01,480
people. 
Our day job is where identity, 

1039
01:04:01,800 --> 01:04:04,680
our identity there is well 
identity consultants kind of a 

1040
01:04:04,680 --> 01:04:09,520
bad you support there, but we 
are contact switching between 

1041
01:04:09,520 --> 01:04:12,200
those identities. 
I don't know if those are 

1042
01:04:12,200 --> 01:04:14,560
different identities or 
different personas. 

1043
01:04:14,760 --> 01:04:17,920
Well, maybe one or another, but 
we, you know, we I. 

1044
01:04:17,960 --> 01:04:21,280
Would argue that the MAC is a
different persona then because 

1045
01:04:21,280 --> 01:04:23,720
it's it's there to do a 
different operation. 

1046
01:04:23,880 --> 01:04:26,320
The reason why you'd have, say, 
a separate network card or a 

1047
01:04:26,320 --> 01:04:32,400
separate MAC is to separate
some, some process, some service

1048
01:04:32,400 --> 01:04:37,400
very similar to a a human 
identity, even very similar to 

1049
01:04:37,400 --> 01:04:42,120
the ones in your head. 
See, now my brain starts to 

1050
01:04:42,120 --> 01:04:44,360
explode and it's like, all 
right, how how far do we take 

1051
01:04:44,360 --> 01:04:46,880
this? 
We now like explode the MAC

1052
01:04:47,640 --> 01:04:50,760
address or the network card and.
On those podcasts, Yeah, 

1053
01:04:50,800 --> 01:04:53,280
exactly. 
This is something maybe I'll 

1054
01:04:53,320 --> 01:04:56,280
include this like in a future 
game show as part of my majority

1055
01:04:56,280 --> 01:04:58,920
rules like can a machine have an
identity? 

1056
01:04:58,920 --> 01:05:01,360
Yes no, whatever. 
And let's see what the crowd 

1057
01:05:01,360 --> 01:05:02,080
comes back. 
So maybe I'll. 

1058
01:05:02,080 --> 01:05:06,040
Definitely as as we get into as 
we get deeper into non human 

1059
01:05:06,040 --> 01:05:10,800
identities that are essentially 
potentially reporting up through

1060
01:05:10,800 --> 01:05:14,080
an org structure, right. 
And I that one is probably more 

1061
01:05:14,080 --> 01:05:16,600
future focus. 
But I, I do think that that's 

1062
01:05:17,560 --> 01:05:25,280
gonna be a future at some point 
we will have to treat them and, 

1063
01:05:26,360 --> 01:05:31,120
and apply the same constraints 
as we would for human identity 

1064
01:05:31,120 --> 01:05:34,880
to a degree, right? 
Especially, you know, AGI type 

1065
01:05:37,320 --> 01:05:39,480
entities, robots, whatever we 
want to. 

1066
01:05:39,480 --> 01:05:42,800
Call these agentic AIs running
around autonomously, either 

1067
01:05:42,800 --> 01:05:46,120
doing things off of a routine 
right that someone has set for 

1068
01:05:46,120 --> 01:05:48,880
them, or them developing their 
own routines correct. 

1069
01:05:49,800 --> 01:05:52,360
And so I think it's it's a very 
interesting question for our 

1070
01:05:52,360 --> 01:05:54,760
time right now because Jim, I 
think we are hitting that 

1071
01:05:54,760 --> 01:05:56,920
inflection point of how do we 
define it? 

1072
01:05:57,240 --> 01:06:00,760
And how do we, and this gets 
into some AI ethics which is 

1073
01:06:00,760 --> 01:06:06,320
probably a whole nother show, 
but how do we handle device 

1074
01:06:06,320 --> 01:06:09,960
based identity for things that 
are doing human-like work? 

1075
01:06:11,600 --> 01:06:14,000
See, now I'm really glad that we
didn't, that we named the 

1076
01:06:14,000 --> 01:06:15,840
podcast what we did, identity at
the center. 

1077
01:06:15,840 --> 01:06:18,720
We didn't call it human identity
at the center or non-human 

1078
01:06:18,720 --> 01:06:20,880
identity at the center. 
It's just identity at the 

1079
01:06:20,880 --> 01:06:23,000
center. 
No, didn't. 

1080
01:06:23,640 --> 01:06:25,000
Call it a council center, that's
for sure. 

1081
01:06:25,000 --> 01:06:27,240
Persona's at the center. 
Persona's at the center. 

1082
01:06:27,240 --> 01:06:29,560
Yeah, pretty soon we'll have AI 
at the center. 

1083
01:06:29,560 --> 01:06:30,840
That'll be our our spin off 
show. 

1084
01:06:30,840 --> 01:06:32,840
All right. 
We've gone in like over an hour 

1085
01:06:32,840 --> 01:06:35,320
and I, I know you're very busy, 
Shay, so I really appreciate the

1086
01:06:35,320 --> 01:06:37,280
time. 
I do kind of want to wrap up on 

1087
01:06:37,280 --> 01:06:39,360
a lighter note, kind of getting 
to know each other before the 

1088
01:06:39,360 --> 01:06:41,000
call. 
One of the things that you 

1089
01:06:41,000 --> 01:06:44,360
mentioned was that you are kind 
of like a little bit like me. 

1090
01:06:44,360 --> 01:06:46,440
I call my, you know, a little 
bit of a Renaissance man where, 

1091
01:06:46,440 --> 01:06:49,880
you know, you get interested in 
a bunch of different topics and 

1092
01:06:49,880 --> 01:06:52,880
you kind of maybe get an inch or
a foot deep and you kind of have

1093
01:06:52,880 --> 01:06:55,840
like this, you know, wide range 
of knowledge. 

1094
01:06:56,320 --> 01:06:59,640
And I feel that's kind of the 
way I've always been interested 

1095
01:06:59,640 --> 01:07:02,240
in things as well. 
And so I want to pose a question

1096
01:07:02,240 --> 01:07:06,120
to you. 
If your approach to learning, 

1097
01:07:06,400 --> 01:07:09,640
which it sounds like it is, is 
digging those thousand different

1098
01:07:09,640 --> 01:07:12,040
holes and maybe they're only an 
inch or a foot deep, right. 

1099
01:07:13,360 --> 01:07:16,840
If it was an Olympic sport, what
would you call that? 

1100
01:07:17,680 --> 01:07:20,080
And then what would the medal 
ceremony look like? 

1101
01:07:20,080 --> 01:07:24,560
Yeah. 
That's a good one really start 

1102
01:07:24,560 --> 01:07:27,200
to to hit that creative side of 
my brain here. 

1103
01:07:27,880 --> 01:07:31,720
I could I could go boring and 
just say call it a career and 

1104
01:07:31,720 --> 01:07:32,920
your paycheck is the I was 
kidding. 

1105
01:07:35,280 --> 01:07:38,960
Hopefully we all, we all are 
lifelong learners, right? 

1106
01:07:38,960 --> 01:07:41,240
Especially in IT because there's
so much change there. 

1107
01:07:41,240 --> 01:07:46,600
But if it was an official 
Olympic sport, I'd love to have 

1108
01:07:46,600 --> 01:07:49,040
something like curiosity. 
Like curiosity cap. 

1109
01:07:49,040 --> 01:07:50,440
I don't know. 
That's kind of boring. 

1110
01:07:50,440 --> 01:07:52,200
I probably could get more 
creative than that if I had a 

1111
01:07:52,200 --> 01:07:54,680
little bit more time to think. 
But curiosity cap. 

1112
01:07:54,680 --> 01:07:59,800
And of course, there's not 
necessarily a loser medal 

1113
01:07:59,800 --> 01:08:03,640
ceremony. 
Yeah, you get, I don't know, you

1114
01:08:03,640 --> 01:08:09,600
get gold for see that and the 
curiosity and learning is a hard

1115
01:08:09,600 --> 01:08:11,360
thing to measure. 
So I don't even have to think 

1116
01:08:11,360 --> 01:08:14,760
about how in the world we would 
measure it as an Olympic sport. 

1117
01:08:16,520 --> 01:08:19,000
Maybe the award is more 
questions. 

1118
01:08:19,359 --> 01:08:21,640
Right, more, more knowledge. 
Curiosity, right? 

1119
01:08:21,640 --> 01:08:24,840
Yeah, it's like, OK, well maybe 
that's the hook here, right? 

1120
01:08:24,840 --> 01:08:27,120
Is, you know, you like to learn 
new things. 

1121
01:08:27,120 --> 01:08:28,359
You're always picking up new 
things like, oh, that's 

1122
01:08:28,359 --> 01:08:29,640
interesting. 
And you kind of, you know, learn

1123
01:08:29,640 --> 01:08:31,880
that and then it it just never 
ends. 

1124
01:08:31,880 --> 01:08:34,920
Like that's the reward is there 
is no end. 

1125
01:08:34,960 --> 01:08:37,520
And you just, there is no end. 
You just keep on this loop. 

1126
01:08:37,640 --> 01:08:38,840
Yeah. 
Yeah, yeah. 

1127
01:08:39,240 --> 01:08:40,479
I mean, that's a, that's a good 
question. 

1128
01:08:40,479 --> 01:08:43,840
Yeah. 
I mean, it's, you just have to, 

1129
01:08:43,840 --> 01:08:47,560
yeah, create a gamified version 
where there's there's no true 

1130
01:08:47,560 --> 01:08:52,560
end and it's just always a what 
are you going to learn next and 

1131
01:08:52,560 --> 01:08:55,439
next and next and next? 
And the award is like a bunch of

1132
01:08:55,439 --> 01:08:57,080
different gift cards from a 
bunch of different stores 

1133
01:08:57,080 --> 01:08:59,600
because you can't pick just. 
One hopefully it's like 

1134
01:08:59,640 --> 01:09:02,399
education, right? 
You get credits to like go sit 

1135
01:09:02,399 --> 01:09:07,120
in on classes at Stanford or 
Harvard or get. 

1136
01:09:07,120 --> 01:09:09,439
Exposure stuff available. 
So you couldn't do it today, 

1137
01:09:09,439 --> 01:09:11,600
right? 
The mass was a mass education 

1138
01:09:11,600 --> 01:09:13,200
type stuff, yeah. 
Yeah, yeah. 

1139
01:09:13,200 --> 01:09:18,120
You get to get to sit with great
minds and ask questions. 

1140
01:09:19,080 --> 01:09:24,200
And annoy them. 
They're they're part of it is 

1141
01:09:24,200 --> 01:09:26,680
they have to be patient. 
That that is true. 

1142
01:09:27,080 --> 01:09:28,439
That is true. 
It's almost like, you know when 

1143
01:09:28,439 --> 01:09:30,600
you have a child, right? 
And everything is like why, why,

1144
01:09:30,600 --> 01:09:33,399
why like OK, right. 
All right, we'll get through 

1145
01:09:33,399 --> 01:09:35,240
this. 
I mean, why is another good name

1146
01:09:35,240 --> 01:09:37,920
for the the games? 
Why, Yeah. 

1147
01:09:38,120 --> 01:09:40,000
The Y. 
Games, I don't know, yeah, the Y

1148
01:09:40,040 --> 01:09:42,319
games. 
I mean, you could play on that. 

1149
01:09:42,319 --> 01:09:45,000
X Games Y Games X. 
See. 

1150
01:09:45,080 --> 01:09:47,080
OK, see, now we're getting. 
Into now we're getting 

1151
01:09:47,120 --> 01:09:49,840
somewhere, yeah. 
We need some OCM now to make 

1152
01:09:49,840 --> 01:09:51,920
sure that we roll this out 
correctly. 

1153
01:09:52,200 --> 01:09:55,920
Right, right. 
Jim, do you have any thoughts on

1154
01:09:56,480 --> 01:09:57,960
on sort of that learning 
exercise? 

1155
01:09:58,760 --> 01:10:01,720
You nailed what I was going to 
say, which is never end. 

1156
01:10:01,720 --> 01:10:05,920
So it would be like you started 
during the Olympics and four 

1157
01:10:05,920 --> 01:10:07,520
years later it would still be 
going. 

1158
01:10:07,720 --> 01:10:09,640
So then it would just keep going
and going. 

1159
01:10:10,040 --> 01:10:13,840
I kind of went through this and 
I, you know, I was having a 

1160
01:10:14,320 --> 01:10:19,040
conversation with our colleague 
Brian Lindstrom today. 

1161
01:10:19,920 --> 01:10:24,360
I don't know if Brian hold on to
the podcast for this long. 

1162
01:10:24,360 --> 01:10:28,560
We're already in over an hour, 
but we're talking about like, 

1163
01:10:28,560 --> 01:10:34,320
hey, we're in our 20s. 
We just like had this burning 

1164
01:10:34,320 --> 01:10:38,840
desire to learn. 
And for me, it was, I started 

1165
01:10:38,840 --> 01:10:41,000
learning about computers. 
I just love computers. 

1166
01:10:41,000 --> 01:10:44,200
I wanted to get a file from this
computer to that computer. 

1167
01:10:44,440 --> 01:10:46,200
I wanted to figure out how to do
it. 

1168
01:10:46,560 --> 01:10:50,320
And so I would get a book or, 
you know, the Internet wasn't 

1169
01:10:50,320 --> 01:10:54,760
what it is today, so I'd have to
mostly use books and try and 

1170
01:10:54,760 --> 01:10:58,840
figure it out. 
But I hated not knowing 

1171
01:10:58,840 --> 01:11:00,480
something. 
If I read a book and it's talked

1172
01:11:00,480 --> 01:11:04,680
about TCP/IP, be like, what's 
this TCP/IP thing I need to learn

1173
01:11:04,680 --> 01:11:05,960
about it. 
Oh, MAC address. 

1174
01:11:05,960 --> 01:11:09,520
What's a MAC address? 
Why is it formatted this way and

1175
01:11:09,760 --> 01:11:12,560
how do I talk from one MAC 
address to the other? 

1176
01:11:12,840 --> 01:11:16,400
What are the commands I write? 
And eventually it led to me 

1177
01:11:16,600 --> 01:11:22,360
doing the Microsoft NT4 MCSE, 
which was like a bunch of exams.

1178
01:11:22,360 --> 01:11:27,520
But that was another part of the
obsession was not only knowing 

1179
01:11:27,520 --> 01:11:31,320
these things, but trying to 
score perfectly on the exams. 

1180
01:11:31,320 --> 01:11:37,560
Like I knew every intricate 
detail of these things and I 

1181
01:11:37,560 --> 01:11:42,120
wonder like how many people are 
in their 20s today who kind of 

1182
01:11:42,120 --> 01:11:46,880
attack it that way. 
But I think that is how you go 

1183
01:11:46,880 --> 01:11:53,360
from kind of like your entry 
level job out of college to a 

1184
01:11:53,360 --> 01:11:57,360
more senior level positions. 
Like you have to have that, that

1185
01:11:57,360 --> 01:12:02,640
burning desire to learn and you 
know what you know is never good

1186
01:12:02,640 --> 01:12:05,160
enough. 
And obviously it comes and goes 

1187
01:12:05,160 --> 01:12:09,440
as you go throughout your life. 
But like that time when you're 

1188
01:12:09,440 --> 01:12:12,440
first out of college, like 
that's when you have to just 

1189
01:12:12,440 --> 01:12:14,280
consume and build your 
knowledge. 

1190
01:12:14,760 --> 01:12:18,040
And I think being able to 
straddle the non Internet age 

1191
01:12:18,040 --> 01:12:21,920
and the Internet age learning is
overwhelming now. 

1192
01:12:21,920 --> 01:12:26,840
So it's really a exercise of 
focus and being able to, Jim, to

1193
01:12:26,840 --> 01:12:30,440
your point, like really take in 
the subject and not get 

1194
01:12:30,440 --> 01:12:33,720
distracted by the 50 other 
things that are going to be in 

1195
01:12:33,720 --> 01:12:36,480
front of you as you're looking 
into that one thing. 

1196
01:12:37,080 --> 01:12:38,760
At least that's my my struggle 
right now. 

1197
01:12:38,800 --> 01:12:42,360
It's just, there's so many 
things I know I don't know now 

1198
01:12:42,400 --> 01:12:46,320
because you're exposed to so 
many things that picking the 

1199
01:12:46,320 --> 01:12:49,400
that that path gets more 
difficult for, for our folks 

1200
01:12:49,400 --> 01:12:53,200
coming out of college, I think. 
I just think of like squirrel 

1201
01:12:53,200 --> 01:12:54,520
and then all of a sudden like 
there's something new. 

1202
01:12:54,520 --> 01:12:56,960
I don't want to figure what that
is. 

1203
01:12:56,960 --> 01:12:58,600
Not a squirrel or whatever it 
is. 

1204
01:12:59,760 --> 01:13:01,440
OK, let's go ahead and wrap up. 
This has definitely been a 

1205
01:13:01,440 --> 01:13:03,440
longer episode, but this has 
been a fantastic conversation. 

1206
01:13:03,640 --> 01:13:06,880
Shay, open door policy. 
When you're ready to come back, 

1207
01:13:06,880 --> 01:13:09,000
we want to talk about OCM or 
anything else. 

1208
01:13:09,080 --> 01:13:11,920
Let's do it. 
And yeah, appreciate you being 

1209
01:13:11,920 --> 01:13:13,960
on the show and set aside some 
time for us. 

1210
01:13:14,360 --> 01:13:17,720
We normally will put our guest 
LinkedIn profiles in our show 

1211
01:13:17,720 --> 01:13:18,960
notes. 
So hopefully, you know, that's 

1212
01:13:18,960 --> 01:13:20,800
it'll be OK. 
Give me a thumbs up or not. 

1213
01:13:20,800 --> 01:13:24,360
If it is absolutely OK, cool. 
And people can reach out if they

1214
01:13:24,360 --> 01:13:27,320
have questions or, you know, 
want to wax poetic around, you 

1215
01:13:27,320 --> 01:13:30,040
know, what is human? 
Maybe, you know, hit us up on 

1216
01:13:30,040 --> 01:13:33,040
comments here or on, you know. 
My LinkedIn inbox. 

1217
01:13:34,440 --> 01:13:37,320
It'll be, you know, along with 
the recruiter spam, and for me 

1218
01:13:37,320 --> 01:13:39,560
like podcast promotion experts, 
right? 

1219
01:13:39,560 --> 01:13:42,240
All that other stuff. 
So, yeah, but I appreciate you 

1220
01:13:42,240 --> 01:13:45,040
spending some time with us. 
And, you know, thank you all for

1221
01:13:45,040 --> 01:13:47,040
watching and or listening. 
You've stuck with us this far. 

1222
01:13:47,480 --> 01:13:51,240
And yeah, find us on the web, 
idacpodcast.com and we'll talk 

1223
01:13:51,240 --> 01:13:52,960
with everyone in the next one. 
Thank you. 

1224
01:13:55,320 --> 01:13:58,320
You've been listening to 
Identity at the Center. 

1225
01:13:58,680 --> 01:14:02,800
We hope you've enjoyed the show.
Make sure to like, rate and 

1226
01:14:02,800 --> 01:14:06,400
review, and we'll be back soon. 
But in the meantime, hit the 

1227
01:14:06,400 --> 01:14:09,800
website at 
identity@thecenter.com. 

1228
01:14:10,440 --> 01:14:14,560
See you next time on Identity at
the Center.

